Hi everyone! I have a fairly basic question about how to use blowfish-cbc in an application. Here's the scanario:
An application will receive arbitrary amount of data (potentially multi-gigabyte) via a tcp/ssl socket, multiple files from multiple senders over long periods of time (i.e. not in the same tcp session). Before processing it, the whole stream needs to be saved to disk, in the end assembling it into a structured file (xml). The data being sensitive, the files on disk need to be encrypted from the start. The application has access to a persistant secret key (length to be defined?). All resulting files should be recoverable with the same key. Processing of the file is done asynchronously, ie. not immediately after receiving. So the idea was to use blowfish-cbc with the secret key to sequentially encrypt the data in arrival and append the crypttext to the saved file. After receiving all data, the file can be in turn decrypted later on with the secret key and processed by the application. Now the basic questions that I was unable to answer: - With a given key being reused for all encrypted files, the IV from my understanding is central to the strength of the encryption. So a unique random IV needs to be used for each file. Does this mean that for every file I have to record the IV in order to decrypt it later? Or is my understanding wrong? - Is there a reasonably secure way to use the same secret key for all encryption, and if so, how should it be used by the application? - Is the above feasible at all? Is there a more logical way to do this? Thanks in advance for shedding some light for a lost soul ;-) Kind regards /markus ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
