Kevin W. Wall wrote:
> So given these limited choices, what are the best options to the
> questions I posed in my original post yesterday?

Given these choices, I'd suggest that you first encrypt with AES-CBC mode. Then apply a message authentication code (MAC) to the whole ciphertext (including the IV). You then send the ciphertext followed by the MAC digest. SHA1-HMAC would be a reasonable choice of algorithm for message authentication.

Sun's JCA appears to support SHA1-HMAC.
  http://java.sun.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html#Mac
  http://java.sun.com/javase/6/docs/technotes/guides/security/StandardNames.html#Mac

You'll want to use key separation to derive two separate keys. So if the key K is the master key, you could use
  Kenc = SHA1-HMAC(K, "encrypt")
  Kauth = SHA1-HMAC(K, "authenticate")
or you could use
  Kenc = AES-ECB(K, all-zeros)
  Kauth = AES-ECB(K, all-ones)
(Either is fine.) Then use Kenc as the crypto key for AES-CBC encryption and Kauth as the crypto key for SHA1-HMAC authentication.

If you are encrypting messages that will be sent over a two-way channel, you'll probably want to either use a different crypto key for each direction or include a direction bit in the inputs to the key separation step.
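
The scheme described in the message above, sketched with the JCA as an added example (not code from the original post). The class and method names, the IV || ciphertext || MAC layout, truncating Kenc to 16 bytes for AES-128, and the sample key are assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.*;
import java.security.*;
import java.util.Arrays;
public class EncryptThenMac {
    static final int IV_LEN = 16, TAG_LEN = 20; // AES block size, SHA1-HMAC output size
    static byte[] hmac(byte[] key, byte[]... parts) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(key, "HmacSHA1"));
        for (byte[] p : parts) mac.update(p);
        return mac.doFinal();
    }
    // Key separation: Kenc = HMAC(K, "encrypt") cut to 16 bytes (assumption), Kauth = HMAC(K, "authenticate")
    static SecretKeySpec encKey(byte[] k) throws Exception {
        return new SecretKeySpec(Arrays.copyOf(hmac(k, "encrypt".getBytes("US-ASCII")), 16), "AES");
    }
    static byte[] authKey(byte[] k) throws Exception { return hmac(k, "authenticate".getBytes("US-ASCII")); }
    // Output layout (assumed): IV || ciphertext || MAC(IV || ciphertext)
    static byte[] seal(byte[] master, byte[] plaintext) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, encKey(master), new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plaintext);
        byte[] tag = hmac(authKey(master), iv, ct);         // MAC covers the IV as well
        byte[] out = Arrays.copyOf(iv, IV_LEN + ct.length + TAG_LEN);
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        System.arraycopy(tag, 0, out, IV_LEN + ct.length, TAG_LEN);
        return out;
    }
    // Checks the MAC in constant time before the cipher touches the ciphertext.
    static byte[] open(byte[] master, byte[] msg) throws Exception {
        int body = msg.length - TAG_LEN;
        if (body < IV_LEN + 16) throw new SecurityException("message too short");
        byte[] expected = hmac(authKey(master), Arrays.copyOfRange(msg, 0, body));
        if (!MessageDigest.isEqual(expected, Arrays.copyOfRange(msg, body, msg.length)))
            throw new SecurityException("MAC check failed");
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, encKey(master), new IvParameterSpec(msg, 0, IV_LEN));
        return c.doFinal(msg, IV_LEN, body - IV_LEN);
    }
    public static void main(String[] args) throws Exception {
        byte[] master = "constructed-key!".getBytes("US-ASCII"); // constructed sample key, not a real secret
        byte[] msg = seal(master, "sample message".getBytes("US-ASCII"));
        System.out.println(new String(open(master, msg), "US-ASCII"));
        msg[IV_LEN] ^= 1;                                    // simulate corruption of one ciphertext bit
        try { open(master, msg); } catch (SecurityException e) { System.out.println(e.getMessage()); }
    }
}
```

For a two-way channel, the direction bit mentioned above would be appended to the "encrypt" and "authenticate" labels before the HMAC call.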
