Hi Carsten, You are correct the result would be a different cipher text each time. > > > > According to rfc4880 the block size for AES is 16 octets. Perhaps it > would make sense to use sha256 and use the bytes 0-15 as the encryption key > and the bytes 16-31 as the randomPrefix. > > > > As already described the standard defines this prefix to be random. I am > not a crypto expert and so I can't answer if this is considered secure or > not. I am tempted to say this could be a solution. >
Since I am trying to integrate external OAuth storage services such as Google Drive, deduplication of encrypted file blobs is currently not an issue anymore (Google should have enough storage ;)). Instead of using convergent encryption and generating a key for the files using SHA operations, I would like to generate 256 bit keys and 16 octets for the 'randomPrefix' using window.crypto.generateRandomValues()... this would be done before invoking the web worker, as to not have a reference to window in the worker code. One question regarding this: Does OpenPGP.js take any extra precautions when generating session keys used for symmetric encryption, or can I just use the output of crypto.generateRandomValues as my symmetric crypto key? Thanks, Tankred
_______________________________________________ http://openpgpjs.org
