Hi Carsten, I would like to do deduplication on the server through convergent encryption on the client: http:// www.ssrc.ucsc.edu/Papers/storer-storagess08.pdf
This is basically what most services such as Wuala and Bitcasa do in order to save storage. Basically it means, that you to derive the symmetric encryption key from the file through a cryptographic hash function e.g. SHA1. This way encryption is deterministic and two users will always encrypt the same file to the same ciphertext. The pros and cons of this approach are discussed in the paper. But the tradeoff seems fairly decent. I would like to try it using the symmetric encryption primitives in OpenPGP.js (mainly because it's the fastest js crypto I've seen so far). I just want to make sure that I'm using the correct function. Right now I'm using 'openpgp_crypto_symmetricEncrypt' and it seems to work. But I have a few questions... 1. What is the 'openpgp_cfb' parameter do? It only works when it is set to '0' 2. Is 'prefixrandom' like an initialization vector? If so, I can't choose it randomly for deterministic encryption for obvious reasons. So I also derive it from the sha1 hash right now. Need to research how to do this correctly though. 3. Does the following implementation make sense using the function? // aes encrypt with key_size 128 bit var sha1 = str_sha1(message); var key = sha1.substr(0, 16); // first 16 bytes var prefix = sha1.substr(4, 16); // last 16 bytes var ct = openpgp_crypto_symmetricEncrypt(prefix, 7, key, message, 0); var pt = openpgp_crypto_symmetricDecrypt(7, key, ct, 0); Thanks in advance, Tankred
_______________________________________________ http://openpgpjs.org
