Thanks for the updates. Encrypting the entire file is not practical and doesn't achieve our goals. It seems that the ideal would be a combination of what Dimitry has done and Gerd points to with the Boeing encryption project. Dimitry if your code became non-proprietary it would be great to be able to use. Our shop doesn't have the bandwidth (or skills) to roll our own VFL.
We are using HDF5 as the backing store for a proprietary application and are not worried about the NSA or complete portability to be read by other tools. We just need reasonably robust obfuscation of our underlying data. Warm Regards, Jim -----Original Message----- From: Hdf-forum [mailto:[email protected]] On Behalf Of Gerd Heber Sent: Friday, March 21, 2014 7:00 AM To: HDF Users Discussion List Subject: Re: [Hdf-forum] symmetric encryption filters? How about http://www.hdfgroup.uiuc.edu/HDF5/projects/boeing/encryption/ or doi:10.1117/12.919736 ? G. From: Hdf-forum [mailto:[email protected]] On Behalf Of Dimitris Servis Sent: Friday, March 21, 2014 5:29 AM To: HDF Users Discussion List Subject: Re: [Hdf-forum] symmetric encryption filters? Hi Jim I have written a non-terminal VFL driver that segregates the metadata and encrypts it. Cheers Dimitris 2014-03-21 11:23 GMT+01:00 huebbe <[email protected]>: While it is possible to perform some encryption in a filter, the filter mechanism is not designed for encryption. The problem is the key: Filters don't get arbitrary data from the calling application to do the decryption, they get only data that is stored in the file. Otherwise, the HDF5 library would not be able to do the decoding in a completely transparent way. And if you put the key into the file (as filter options, or similar), the NSA will be happy. To use the filter mechanism for encryption, you would need to get the key via a side-channel. This is possible, but it will be hard to do this in a usable and portable fashion. For instance, you cannot just pop up a dialog asking for a key, because many programs using HDF5 don't even have a text terminal connected to them while they run. Also note that filtering does not touch the metadata in the file. I. e. the NSA will be able to see the entire description of what is encoded in the file, they will just not have the actual data. If you want security, just use gpg to encrypt the entire file. Cheers, Nathanael Hübbe On 03/21/2014 12:44 AM, Rowe, Jim wrote: > Hello - has anyone used a symmetric encryption filter with HDF5? I > would like to introduce encryption (AES, DES, 3DES) in the pipeline > after zlib compression to encrypt some datasets. > > > > Any examples, starting points, or suggestions would help. > > > > > > Thanks! > > --Jim > > > > > > _______________________________________________ > Hdf-forum is for HDF software users discussion. > [email protected] > http://mail.lists.hdfgroup.org/mailman/listinfo/hdf-forum_lists.hdfgro > up.org > -- Please be aware that the enemies of your civil rights and your freedom are on CC of all unencrypted communication. Protect yourself. _______________________________________________ Hdf-forum is for HDF software users discussion. [email protected] http://mail.lists.hdfgroup.org/mailman/listinfo/hdf-forum_lists.hdfgroup.org _______________________________________________ Hdf-forum is for HDF software users discussion. [email protected] http://mail.lists.hdfgroup.org/mailman/listinfo/hdf-forum_lists.hdfgroup.org _______________________________________________ Hdf-forum is for HDF software users discussion. [email protected] http://mail.lists.hdfgroup.org/mailman/listinfo/hdf-forum_lists.hdfgroup.org
