Hi! ~~~ On 05/04/2012 11:17 AM, Tankred Hase wrote: > > You are correct the result would be a different cipher text each time. > > > > According to rfc4880 the block size for AES is 16 octets. Perhaps it > would make sense to use sha256 and use the bytes 0-15 as the encryption key > and the bytes 16-31 as the randomPrefix. > > > > As already described the standard defines this prefix to be random. I am > not a crypto expert and so I can't answer if this is considered secure or > not. I am tempted to say this could be a solution. > > > Since I am trying to integrate external OAuth storage services such as Google > Drive, deduplication of encrypted file blobs is currently not an issue > anymore (Google should have enough storage ;)). > > Instead of using convergent encryption and generating a key for the files > using SHA operations, I would like to generate 256 bit keys and 16 octets for > the 'randomPrefix' using window.crypto.generateRandomValues()... this would > be done before invoking the web worker, as to not have a reference to window > in the worker code. > > One question regarding this: Does OpenPGP.js take any extra precautions when > generating session keys used for symmetric encryption, or can I just use the > output of crypto.generateRandomValues as my symmetric crypto key? >
The Key and the Prefixrandom are secure random bytes taken from openpgp_crypto_getRandomBytes passed to openpgp_crypto_symmetricEncrypt. Please keep in mind that both strings MUST have the block-size length of the cipher used. For doing so you can use openpgp_crypto_getPrefixRandom(algo) with the algorithm number as argument. This calls openpgp_crypto_getRandomBytes with the correct amount of bytes. An example for this can be found in openpgpjs/src/packet/openpgp.packet.encrypteddata.js function write_packet. best regards, carsten _______________________________________________ http://openpgpjs.org
