> On 10/25/2011 10:52 AM, Jonas Schnelli wrote: >> How do i create a HMAC-SHA1 with a RSA Key? >> What do i give as input for the param *key? >> >> Why: >> My encrypted file has now the filename of the unencrypted-files-sha1. >> (unsecure!). >> I cannot use the sha1 of the encrypted file because i use EVP_Seal* (aes256 >> session key) so the sha1 of the encrypted file will change after every >> encryption (need to be constant because of the other function in the >> project). >> My approach is, to use a encrypted sha1 of the unencrypted file (so it might >> keep constant). >> I also tried to use RSA_public_encrypt on the unencrypted sha1, but i'd like >> to avoid 128BIT filenames. >> >> > From your question, I gather that you want the following: > > Give the encrypted file a (short) file name which is computed from the > unencrypted plaintext in a way that adversaries cannot use to determine > if the plaintext is the same as some guessed value, or which otherwise > helps adversaries. > > It is OK if only the encrypting party can generate the file name > (otherwise an adversary could calculate it too). > > Proposed solution. > > 1. Generate a secret 224 bit key and store it somewhere safe (as safely > as you store your RSA private keys). > > 2. Use this secret key as the key when computing HMAC-SHA224 of > the unencrypted plaintext.
Why using SHA224 (EVP_sha224()) instead of SHA1(EVP_sha1())? Do you think sha-1 is to weak? > > 3. Convert the resulting 224 bit value to a string using Base32 or another > scheme of your choosing. (Base32 would produce a 45 character > case insensitive string). > > 4. Truncate the string to your desired file name length, but not so short > that accidental collisions become likely (Example to keep up to 16000 > file names likely different, use file names with 2 * log2(16000)=2*14=28 > bits minimum). Thank you very much for your solution. Now i try to implement it like this. Jonas ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
