> On 10/25/2011 10:52 AM, Jonas Schnelli wrote:
>> How do I create an HMAC-SHA1 with an RSA key?
>> What do I give as input for the param *key?
>> 
>> Why:
>> My encrypted file now has the filename of the unencrypted file's sha1 
>> (insecure!).
>> I cannot use the sha1 of the encrypted file because I use EVP_Seal* (aes256 
>> session key), so the sha1 of the encrypted file will change after every 
>> encryption (it needs to be constant because of the other function in the 
>> project).
>> My approach is to use an encrypted sha1 of the unencrypted file (so it might 
>> stay constant).
>> I also tried to use RSA_public_encrypt on the unencrypted sha1, but I'd like 
>> to avoid 128BIT filenames.
>> 
>> 
> From your question, I gather that you want the following:
> 
> Give the encrypted file a (short) file name which is computed from the
> unencrypted plaintext in a way that adversaries cannot use to determine
> if the plaintext is the same as some guessed value, or which otherwise
> helps adversaries.
> 
> It is OK if only the encrypting party can generate the file name
> (otherwise an adversary could calculate it too).
> 
> Proposed solution.
> 
> 1. Generate a secret 224 bit key and store it somewhere safe (as safely
> as you store your RSA private keys).
> 
> 2. Use this secret key as the key when computing HMAC-SHA224 of
> the unencrypted plaintext.

Another thing:
Can I also just make an HMAC-SHA224 of the SHA1 of the unencrypted plaintext 
instead of the whole plaintext?
Is this too unsafe?
Remember: I just want to have a filename which does not lead to a possible 
file content.

Thanks

> 
> 3. Convert the resulting 224 bit value to a string using Base32 or another
> scheme of your choosing. (Base32 would produce a 45 character
> case insensitive string).
> 
> 4. Truncate the string to your desired file name length, but not so short
> that accidental collisions become likely (Example: to keep up to 16000
> file names likely different, use file names with 2 * log2(16000)=2*14=28
> bits minimum).
> 
> -- 
> Jakob Bohm, CIO, WiseMo A/S.
> Secure remote control of Smart phones, PCs and embedded systems.
> This public posting comes with no promises, no warranties and is not binding.
> 
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
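
Steps 1 to 4 of the proposed solution, as an added example that is not part of the original thread. It uses Python's standard `hmac` module rather than OpenSSL's C API, and the function names (`generate_name_key`, `min_name_chars`, `opaque_name`) are hypothetical; the sample plaintext is constructed.

```python
import base64
import hashlib
import hmac
import io
import math
import secrets

KEY_BYTES = 28  # step 1: 224-bit secret, stored as carefully as the RSA private key


def generate_name_key() -> bytes:
    """Step 1: random 224-bit key from the OS CSPRNG."""
    return secrets.token_bytes(KEY_BYTES)


def min_name_chars(max_files: int) -> int:
    """Step 4 rule from the post: keep at least 2*log2(n) bits (5 bits per Base32 char)."""
    bits = 2 * math.ceil(math.log2(max(max_files, 2)))
    return math.ceil(bits / 5)


def opaque_name(key: bytes, plaintext, max_files: int, chars: int = 45) -> str:
    """Steps 2-4: HMAC-SHA224 over the plaintext stream, Base32, truncate."""
    if len(key) != KEY_BYTES:
        raise ValueError("expected a 224-bit key")
    if not min_name_chars(max_files) <= chars <= 45:
        raise ValueError("name length outside the safe range")
    mac = hmac.new(key, digestmod=hashlib.sha224)
    # Stream in chunks so large files are never held in memory at once.
    for chunk in iter(lambda: plaintext.read(65536), b""):
        mac.update(chunk)
    # 28 digest bytes encode to 45 Base32 characters once '=' padding is removed.
    full = base64.b32encode(mac.digest()).decode("ascii").rstrip("=").lower()
    return full[:chars]


if __name__ == "__main__":
    key = generate_name_key()
    sample = b"constructed sample plaintext\n"  # constructed input
    print(opaque_name(key, io.BytesIO(sample), max_files=16000, chars=16))
```

The name stays constant across re-encryptions because it depends only on the key and the plaintext, not on the EVP_Seal* session key.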

