Kevin W. Wall wrote:
> So given these limited choices, what are the best options to the
> questions I posed in my original post yesterday?

Given these choices, I'd suggest that you first encrypt with AES-CBC mode.
Then apply a message authentication code (MAC) to the whole ciphertext
(including the IV).  You then send the ciphertext followed by the MAC digest.

SHA1-HMAC would be a reasonable choice of algorithm for message
authentication.  Sun's JCA appears to support SHA1-HMAC.

You'll want to use key separation to derive two separate keys.  So
if the key K is the master key, you could use

    Kenc  = SHA1-HMAC(K, "encrypt")
    Kauth = SHA1-HMAC(K, "authenticate")

or you could use

    Kenc  = AES-ECB(K, all-zeros)
    Kauth = AES-ECB(K, all-ones)

(Either is fine.)  Then use Kenc as the crypto key for AES-CBC encryption
and Kauth as the crypto key for SHA1-HMAC authentication.

If you are encrypting messages that will be sent over a two-way channel,
you'll probably want to either use a different crypto key for each
direction or include a direction bit in the inputs to the key separation

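The construction suggested in the message above (AES-CBC, then SHA1-HMAC over the IV plus ciphertext, with the two keys derived from one master key), written against the JCA as an added example that is not part of the original message. The class and method names, the truncation of Kenc to 16 bytes for AES-128, and the IV || ciphertext || MAC layout are assumptions.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.*;

public class EncryptThenMac {
    static final int IV_LEN = 16, TAG_LEN = 20; // AES block size, SHA1-HMAC output size

    static byte[] hmac(byte[] key, byte[]... parts) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(key, "HmacSHA1"));
        for (byte[] p : parts) mac.update(p);
        return mac.doFinal();
    }

    // Key separation: SHA1-HMAC(K, label), cut to len bytes (truncation is an assumption).
    static byte[] derive(byte[] k, String label, int len) throws Exception {
        return Arrays.copyOf(hmac(k, label.getBytes(StandardCharsets.US_ASCII)), len);
    }

    static byte[] seal(byte[] k, byte[] plaintext) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv); // fresh random IV per message
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(derive(k, "encrypt", 16), "AES"), new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plaintext);
        byte[] tag = hmac(derive(k, "authenticate", TAG_LEN), iv, ct); // MAC covers IV and ciphertext
        return ByteBuffer.allocate(IV_LEN + ct.length + TAG_LEN).put(iv).put(ct).put(tag).array();
    }

    static byte[] open(byte[] k, byte[] msg) throws Exception {
        if (msg.length < IV_LEN + 16 + TAG_LEN) throw new SecurityException("message too short");
        int ctEnd = msg.length - TAG_LEN;
        byte[] expected = hmac(derive(k, "authenticate", TAG_LEN), Arrays.copyOfRange(msg, 0, ctEnd));
        // Verify the MAC in constant time before any decryption or padding check runs.
        if (!MessageDigest.isEqual(expected, Arrays.copyOfRange(msg, ctEnd, msg.length)))
            throw new SecurityException("bad MAC");
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(derive(k, "encrypt", 16), "AES"), new IvParameterSpec(msg, 0, IV_LEN));
        return c.doFinal(msg, IV_LEN, ctEnd - IV_LEN);
    }

    public static void main(String[] args) throws Exception {
        byte[] k = new byte[16];
        new SecureRandom().nextBytes(k); // constructed master key for the demo
        byte[] msg = seal(k, "message to protect".getBytes(StandardCharsets.UTF_8));
        System.out.println(new String(open(k, msg), StandardCharsets.UTF_8));
        msg[IV_LEN] ^= 1; // simulate in-transit modification of one ciphertext bit
        try { open(k, msg); } catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Because the MAC is checked first, a modified message is rejected before the CBC padding is ever examined, so the receiver's padding behaviour is not exposed to unauthenticated input.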