Hi everyone!

I have a fairly basic question about how to use blowfish-cbc in an
application. Here's the scanario:

An application will receive arbitrary amount of data (potentially
multi-gigabyte) via a tcp/ssl socket, multiple files from multiple
senders over long periods of time (i.e. not in the same tcp session).
Before processing it, the whole stream needs to be saved to disk, in the
end assembling it into a structured file (xml). The data being
sensitive, the files on disk need to be encrypted from the start. The
application has access to a persistant secret key (length to be
defined?). All resulting files should be recoverable with the same key.
Processing of the file is done asynchronously, ie. not immediately after
receiving.

So the idea was to use blowfish-cbc with the secret key to sequentially
encrypt the data in arrival and append the crypttext to the saved file.
After receiving all data, the file can be in turn decrypted later on
with the secret key and processed by the application.

Now the basic questions that I was unable to answer:

- With a given key being reused for all encrypted files, the IV from my
understanding is central to the strength of the encryption. So a unique
random IV needs to be used for each file. Does this mean that for every
file I have to record the IV in order to decrypt it later? Or is my
understanding wrong?

- Is there a reasonably secure way to use the same secret key for all
encryption, and if so, how should it be used by the application?

- Is the above feasible at all? Is there a more logical way to do this?

Thanks in advance for shedding some light for a lost soul ;-)

Kind regards
/markus
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to