SHA-1 is partially broken already. It should not be used unless necessary for backwards compatibility.

On 10/25/2011 9:01 PM, Jonas Schnelli wrote:

On 10/25/2011 10:52 AM, Jonas Schnelli wrote:
How do I create an HMAC-SHA1 with an RSA key?
What do I give as input for the param *key?

Why:
My encrypted file now has as its filename the SHA-1 of the unencrypted file (insecure!). I cannot use the SHA-1 of the encrypted file because I use EVP_Seal* (AES-256 session key), so the SHA-1 of the encrypted file will change after every encryption (it needs to be constant because of the other function in the project). My approach is to use an encrypted SHA-1 of the unencrypted file (so it might stay constant). I also tried to use RSA_public_encrypt on the unencrypted SHA-1, but I'd like to avoid 128-bit filenames.


From your question, I gather that you want the following:

Give the encrypted file a (short) file name which is computed from the
unencrypted plaintext in a way that adversaries cannot use to determine
if the plaintext is the same as some guessed value, or which otherwise
helps adversaries.

It is OK if only the encrypting party can generate the file name
(otherwise an adversary could calculate it too).

Proposed solution.

1. Generate a secret 224 bit key and store it somewhere safe (as safely
as you store your RSA private keys).

2. Use this secret key as the key when computing HMAC-SHA224 of
the unencrypted plaintext.

Another thing:
Can I also just make an HMAC-SHA224 of the SHA-1 of the unencrypted plaintext instead of the whole plaintext?
Is this too unsafe?
Remember: I just want to have a filename which does not lead to the possible file content.

Thanks


3. Convert the resulting 224 bit value to a string using Base32 or another
scheme of your choosing. (Base32 would produce a 45-character
case-insensitive string.)

4. Truncate the string to your desired file name length, but not so short
that accidental collisions become likely. (Example: to keep up to 16000
file names likely distinct, use file names with 2 * log2(16000) = 2*14 = 28
bits minimum.)

--
Jakob Bohm, CIO, WiseMo A/S.
Secure remote control of Smart phones, PCs and embedded systems.
This public posting comes with no promises, no warranties and is not binding.
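The four steps proposed above, worked through as an added example that is not code from the thread or from OpenSSL. It is written with the Python standard library (hmac, hashlib, base64) and computes the same HMAC-SHA224 value that OpenSSL's HMAC with EVP_sha224() would produce; the function names, the constructed sample document, and the fixed 224-bit key size are assumptions made for the example. It also puts the original scheme (unkeyed SHA-1 of the plaintext) next to the keyed one so the difference is visible: a filename derived from a plain hash lets anyone who can guess the plaintext confirm the guess, while the HMAC-derived name cannot be recomputed without the secret key.

```python
import base64
import hashlib
import hmac
import math
import secrets
from typing import Optional

KEY_BYTES = 28  # 224 bits, matching the HMAC-SHA224 output size (assumption for this example)


def generate_name_key() -> bytes:
    """Step 1: a fresh 224-bit secret. Store it as carefully as the RSA private key."""
    return secrets.token_bytes(KEY_BYTES)


def leaky_name(plaintext: bytes) -> str:
    """The scheme the question starts from: the unkeyed SHA-1 of the plaintext.
    Anyone who can see the filename and guess the plaintext can confirm the guess."""
    return hashlib.sha1(plaintext).hexdigest()


def attacker_confirms_guess(filename: str, guess: bytes) -> bool:
    """What an adversary does against leaky_name(): recompute the hash of the
    guessed plaintext and compare it with the observed filename."""
    return hmac.compare_digest(filename, leaky_name(guess))


def keyed_name(key: bytes, plaintext: bytes, length: Optional[int] = None) -> str:
    """Steps 2-4: HMAC-SHA224 over the whole plaintext, Base32, optional truncation."""
    if len(key) != KEY_BYTES:
        raise ValueError("name key must be 224 bits")
    tag = hmac.new(key, plaintext, hashlib.sha224).digest()  # 28 bytes
    # Base32 of 28 bytes is 48 characters with '=' padding; stripping the
    # padding leaves the 45 case-insensitive characters mentioned in the post.
    name = base64.b32encode(tag).decode("ascii").rstrip("=")
    if length is not None:
        if length < 1 or length > len(name):
            raise ValueError("length must be between 1 and %d" % len(name))
        name = name[:length]
    return name


def min_name_chars(expected_files: int) -> int:
    """Smallest Base32 length (5 bits per character) that carries at least
    2*log2(N) bits, the rule of thumb in the post for keeping N names
    accidentally distinct."""
    if expected_files < 2:
        return 1
    bits = 2 * math.ceil(math.log2(expected_files))
    return math.ceil(bits / 5)


if __name__ == "__main__":
    # Constructed sample data, not taken from the thread.
    key = generate_name_key()
    document = b"quarterly report: revenue 1.2M, churn 3%\n"

    old = leaky_name(document)
    print("unkeyed SHA-1 name :", old)
    print("attacker confirms  :", attacker_confirms_guess(old, document))

    new = keyed_name(key, document)
    print("keyed Base32 name  :", new, "(%d chars)" % len(new))
    print("attacker confirms  :", attacker_confirms_guess(new, document))

    n = min_name_chars(16000)
    print("min chars for 16000 files:", n, "->", keyed_name(key, document, n))
```

The name is deterministic for a given key and plaintext, so re-encrypting the same file under a fresh EVP_Seal session key does not change it, which was the constraint in the question; only a holder of the name key can produce or verify a name.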

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org


