Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to communicate AES initialization Vector to client for hybrid cryptosystem

Tags:

rsa

public-key

encryption

aes

private-key

I need to implemented security for client-server communication. I have implemented the following hybrid cryptosystem

To encrypt a message addressed to Alice in a hybrid cryptosystem, Bob does the following:

  1. Obtains Alice's public key.
  2. Generates a fresh symmetric key for the data encapsulation scheme.
  3. Encrypts the message under the data encapsulation scheme, using the symmetric key just generated.
  4. Encrypt the symmetric key under the key encapsulation scheme, using Alice's public key.
  5. Send both of these encryptions to Alice.

To decrypt this hybrid ciphertext, Alice does the following:

  1. uses her private key to decrypt the symmetric key contained in the key encapsulation segment.
  2. uses this symmetric key to decrypt the message contained in the data encapsulation segment.

I am using RSA For a public-key cryptosystem, and AES for symmetric-key cryptosystem. Every thing works fine, but I am not sure how to handle AES initialization vector. Currently, I am concatenating the AES key and initialization vector encrypting it with the public key and sending that to server.

I just wanted to get some opinions about this approach. How this problem is solved by other communication protocols SSL etc.

Thanks.

like image 340
Faisal Mansoor Avatar asked Oct 08 '09 21:10

Faisal Mansoor

People also ask

How is AES key shared?

AES is a symmetric algorithm, so it does not have public and private keys - only a shared secret. Show activity on this post. In the simplest form: AES is a symetric algorithm, it uses the same key for encryption and decryption.So tat whoever has the key can read your message.

How is IV generated in AES?

In the example above, an iv is created by generating a random string of the same length as the block size (so our iv will be 16 bytes, or characters, as we mentioned above). This value is then passed in to the initialization of the cipher so that it can be used by the library code when encrypting the value.

What is salt and IV in AES?

Salt is necessary to prevent pre-computation attacks. An IV (or nonce with counter modes) makes the same plain text produce different cipher texts. The prevents an attacker from exploiting patterns in the plain text to garner information from a set of encrypted messages.

Do I need a salt for AES?

AES doesn't have a concept of a salt. It just takes data, and a key. For the same input, it will always generate the same output. How you combine your message with your salt is up to you.

2 Answers

You don't encrypt the IV. Bundle it with the encrypted key and send it (in the clear) to the recipient.

Standards for this do exist. This scheme is called "KeyTransRecipientInfo" in CMS (upon which S/MIME is based), and PGP offers a similar mode. TLS also includes the initialization vector as a parameter in the key encryption algorithm identifier, using the same ASN.1 syntax as CMS. A robust, open-source library to perform this operation is available for many, many platforms.

At the very least, studying the CMS specification might help avoid some of the many pitfalls in a home-brew implementation. See §6.1 and §6.2.1 of RFC 3369.

like image 155
erickson Avatar answered Oct 18 '22 19:10

erickson

I've done the same thing, and I handled it the same way - concatenate the AES key with the IV and encrypt them both.

You could also just send the key and use the key itself to generate an IV - for example by using the first 128 bits of a hash of the key as the IV. That should be OK security-wise as long as you are generating a new AES key for each session and not re-using the same AES key over and over with the same IV.

like image 34
Eric Petroelje Avatar answered Oct 18 '22 21:10

Eric Petroelje
Sign in to Comment

Related questions

Invalid Key Length After Upgrading to NodeJS 6
CipherInputStream only read 16 bytes (AES/Java)
DoD Password Complexity: Users cannot reuse any of their previous X passwords
What is the password parameter to openssl_encrypt?
How to use nonces in asymmetric encryption (libsodium)?
Java 7 -> Java 8: AES Causes exception: "BadPaddingException: Given final block not properly padded" in conjunction with BufferedReader & ZipStreams
How to decrypt a string in C# which is encrypted via PowerShell
How to generate a Google ReCaptcha V2 secure token with PHP?
bad decrypt error in ruby
What are the benefits of HMAC over symmetric cryptography?
Encryption with AES-256 Java
BadPaddingException when trying to decrypt Fingerprint API cypher
poppler pdfunite cannot merge encrypted PDF files, how to remove encryption? (no password needed to open)
iPhone and Crypto Libraries
Sign data with MD5WithRSA from .Pem/.Pkcs8 keyfile in C#
Is it possible to trace back a string inside an IPA binary?
AESCrypt decryption between iOS and PHP
System.Security.Cryptography.CryptographicException -object already exist
What is un-secure about NSUserDefaults, is manual encryption safe?
Ok, so I've encrypted my data now where do I hide the key?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!