On Sun, Dec 21, 2008 at 12:54:44PM -0800, BiGNoRm6969 wrote:

> Using the SHA256 on private key was an idea to easily generate a symmetric key
> without needing to protect the key itself (generated on the fly from a
> protected private key for decryption and encryption).
>
> I did not make any decision about my design but I was exploring this
> possibility. All your comments point to the same direction so I will
> explore other alternatives. I am still new in security and I am not sure if
> I understand why this way is vulnerable to replay attack.
>
> Does OpenSSL include tools/functions to generate symmetric keys? Other
> suggestions?
You are still contemplating designing your own protocol. Purge this idea from
your mind.

For "store and forward" (encrypted messages) use S/MIME or CMS. For secure
transport use TLS.

If you want encrypted media (key stored on storage device, or entered when
needed, protects content of device B) use symmetric crypto with keys derived
from the secret seed (no need for public/private keys, they add no value) via
a secure key derivation function. PBKDF2 from PKCS#5 version 2.1 is a good
choice. In OpenSSL it is called:

    PKCS5_PBKDF2_HMAC_SHA1()

Sadly no documentation is available, so you have to read the source and/or
find examples of its use in existing code.

For block devices, with random I/O there is typically no room for a MAC or
IV, so you use an implicit IV derived from the block number, and accept the
fact that integrity cannot be guaranteed at the block level. Some "modes" have
better error propagation than CBC for this application; consider one of the
newer modes for disk encryption.

If your problem does not fit any of the above, it would be wise to describe it.

-- 
	Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
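The following is an added worked example, not part of this thread and not OpenSSL's own code. Since PKCS5_PBKDF2_HMAC_SHA1() has no manual page, it writes out the PKCS#5 v2 PBKDF2 computation that the OpenSSL call performs (same inputs: password, salt, iteration count, output length), checks it against the published RFC 6070 test vectors and against Python's hashlib, and then shows how a single secret seed is turned into separate encryption and MAC keys. Python's standard library is used in place of the C API; the seed, salt, iteration count and the purpose labels "encryption key" / "mac key" are constructed choices for the illustration, not values from the mailing list.

```python
"""PBKDF2-HMAC-SHA1 spelled out, plus key separation from one secret seed.

Added illustration for the OpenSSL users thread above; this is not code from
OpenSSL. The function pbkdf2_hmac_sha1() computes exactly what
PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, out) does.
"""
import hashlib
import hmac
import os
import struct

HLEN = hashlib.sha1().digest_size  # 20 bytes: one PBKDF2 output block with SHA-1


def pbkdf2_hmac_sha1(password: bytes, salt: bytes, iterations: int, dklen: int) -> bytes:
    """PBKDF2 (PKCS#5 v2 / RFC 2898) with PRF = HMAC-SHA1.

    DK = T_1 || T_2 || ... || T_l, truncated to dklen, where
      T_i = U_1 xor U_2 xor ... xor U_c,
      U_1 = HMAC(password, salt || INT_BE32(i)),  U_j = HMAC(password, U_{j-1}).
    """
    if iterations < 1:
        raise ValueError("iterations must be at least 1")
    if dklen < 1 or dklen > (2 ** 32 - 1) * HLEN:
        raise ValueError("derived key length out of range")
    out = bytearray()
    for i in range(1, -(-dklen // HLEN) + 1):  # ceil(dklen / HLEN) blocks
        u = hmac.new(password, salt + struct.pack(">I", i), hashlib.sha1).digest()
        t = bytearray(u)
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hashlib.sha1).digest()
            for k in range(HLEN):
                t[k] ^= u[k]
        out += t
    return bytes(out[:dklen])


# Published test vectors for PBKDF2-HMAC-SHA1 (RFC 6070, section 2).
RFC6070_VECTORS = [
    (b"password", b"salt", 1, 20, "0c60c80f961f0e71f3a9b524af6012062fe037a6"),
    (b"password", b"salt", 2, 20, "ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957"),
    (b"password", b"salt", 4096, 20, "4b007901b765489abead49d926f721d065a429c1"),
    (b"passwordPASSWORDpassword", b"saltSALTsaltSALTsaltSALTsaltSALTsalt", 4096, 25,
     "3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038"),
    (b"pass\x00word", b"sa\x00lt", 4096, 16, "56fa6aa75548099dcc37d7f03425e0c3"),
]


def self_check() -> bool:
    """True if the hand-written PBKDF2 matches RFC 6070 and hashlib.pbkdf2_hmac."""
    for pw, salt, c, dklen, expected in RFC6070_VECTORS:
        if pbkdf2_hmac_sha1(pw, salt, c, dklen).hex() != expected:
            return False
        if hashlib.pbkdf2_hmac("sha1", pw, salt, c, dklen).hex() != expected:
            return False
    return True


def derive_keys(seed: bytes, salt: bytes, iterations: int = 100_000):
    """Derive an independent encryption key and MAC key from one secret seed.

    Caveat: PBKDF2 output blocks are computed independently, so asking it for
    64 bytes makes the defender pay for four blocks while an attacker testing
    guesses needs only the first one. Derive one hash-length master key at
    full iteration cost, then expand it with HMAC under distinct labels.
    The salt is public, must be random (os.urandom(16) at key-creation time)
    and is stored next to the ciphertext; the iteration count slows brute
    force of a weak seed.
    """
    if len(salt) < 8:
        raise ValueError("use at least 8 bytes of salt (16 is better)")
    master = pbkdf2_hmac_sha1(seed, salt, iterations, HLEN)
    # Purpose labels are constructed for this example; any fixed, distinct
    # labels will do as long as both ends agree on them.
    enc_key = hmac.new(master, b"encryption key", hashlib.sha256).digest()
    mac_key = hmac.new(master, b"mac key", hashlib.sha256).digest()
    return enc_key, mac_key


if __name__ == "__main__":
    # Constructed example values for the demonstration.
    seed = b"correct horse battery staple"
    salt = os.urandom(16)
    enc_key, mac_key = derive_keys(seed, salt)
    print("self-check against RFC 6070:", self_check())
    print("salt    :", salt.hex())
    print("enc key :", enc_key.hex())
    print("mac key :", mac_key.hex())
```

When porting this to C, the argument order of PKCS5_PBKDF2_HMAC_SHA1() is password, password length, salt, salt length, iteration count, output length, output buffer; the vectors in RFC6070_VECTORS are a convenient way to confirm that a C caller is passing them correctly.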