Hey Ilya,

1) keys_hash can be thrown out if you use authenticated encryption, as the algorithm will tell you whether the keys are valid. You can use a hash as a second line of defense, but you don't need to. I'm not an expert on AEAD (esp. GCM), but 32 bytes may not be enough to hold a key for authentication and encryption. You may also need to add a field for an IV (16 bytes) for GCM mode.

2) If I'm reading this rightly (I'm not sure about that either), I do think that string doesn't mean std::string but rather SecByteBlock, as you put some data with some length in there, finalize your message and get some authenticated data out. I'd strongly recommend not using byte Data[100+] buffers for data that will be encrypted, unless you burn the data from the stack. Rather use SecByteBlock and FixedSizeSecBlock<byte,X> for such things, as they may also offer you things like non-swapping memory and automatic secure clean-up of data.

3) Decrypt the file as you'd do normally. I'm not sure how this works with Filters and stuff, but I guess you'll either have to check the return value and know it's been tampered with / invalid / wrong key if false is returned. It may also be the case that the operation will just throw and kick you out of your program if you don't expect it. (I'd rather assume the second possibility.)

I think Jeff and/or Mouse will clear things up as soon as they answer (may be some days in the worst case).

BR
JPM

On Monday, 23 February 2015 13:12:44 UTC+1, Ilya Bizyaev wrote:
> Wow, so many replies!... and so many terms (o_O)
> You know, I have even decided to systematize all this material, and got
> the following: <Google Docs>
> <https://docs.google.com/document/d/1_HGALfl9uNKmVHwDpTjrVgmqYIbkx_4JCbquDQ7MiAE/edit?usp=sharing>
> So, the best suggested idea is usage of authenticated encryption
> (AES/GCM).
> The questions are:
> 1) Do I still need the header? And how should it look?
> What I now have is:
> ----------------------------------------------------
> struct Entangle_Header {
>     char salt[64];
>     /* ----- Format ----- */
>     uint16_t prog_version; /* Header format version */
>     uint32_t keys_hash;    /* Should I leave it or not? */
>     uint64_t file_size;    /* size of original file */
>     byte keys[32];         /* AES-256 key storage area */
> };
> ----------------------------------------------------
> 2) The example in Cryptopp Wiki is as follows:
>
> string plaintext, ciphertext;
> ...
>
> GCM< AES >::Encryption enc;
> enc.SetKeyWithIV( key, sizeof(key), iv, sizeof(iv) );
>
> AuthenticatedEncryptionFilter aef( enc,
>     new StringSink( ciphertext )
> ); // AuthenticatedEncryptionFilter
>
> aef.Put( plaintext.data(), plaintext.size() );
> aef.MessageEnd();
>
> Is it possible to use buffers instead of strings (e.g. byte buffer[16384];
> aef.Put((byte *) buffer, 16384);)?
> 3) If decryption fails, how to detect whether the password is incorrect or
> the file is corrupted?
