Hello Uri,
On Tue, May 26, 2020 at 7:59 PM Blumenthal, Uri - 0553 - MITLL
wrote:
>
> Emmanuel,
>
> Would you mind explaining why you choose to continue encrypting the AES key,
> which - admittedly - is an unnecessary overkill? Is it merely to preserve the
> established process itself?
I'm
Emmanuel,
Would you mind explaining why you choose to continue encrypting the AES key,
which - admittedly - is an unnecessary overkill? Is it merely to preserve the
established process itself?
On 5/26/20, 04:26, "openssl-users on behalf of Emmanuel Deloget"
wrote:
Hello Richard and
Hello Richard and everybody,
First, thanks all for your valuable responses ; be sure that I heard
you and I fully understand your remarks (for the record, I do generate
a signature on the binary using yet another key pair and I fully get
that encrypting the AES key in my case is a bit overkill
On Mon, 25 May 2020 13:20:28 +0200,
Emmanuel Deloget wrote:
> In my development I'm using a idiom that's not as widely used as I
> thought (as I get it after multiple days of searching out there). In
> order to securely distribute a binary, I encrypt it using an AES key
> and the AES key itself is
> The proper protocol would be to just sign the binary by your private
> RSA key and encrypt it with a symmetric key, that you directly pre-
> distribute to your recipients via the same channel that you now use to
> distribute your public RSA key.
I agree with Tomáš, just would like to emphasize
I’ll note that encryption is _not_ an integrity check. Depending on how the
AES encryption is done, this could be a significant hole.
Pauli
--
Dr Paul Dale | Distinguished Architect | Cryptographic Foundations
Phone +61 7 3031 7217
Oracle Australia
> On 25 May 2020, at 10:12 pm, Tomas
On Mon, 2020-05-25 at 13:20 +0200, Emmanuel Deloget wrote:
> Hello everybody,
>
> I'm pretty sure this has already been discussed somewhere but
> grepping
> through the whole openssl-user list does not gave me the answer I'm
> searching for, so here am I.
>
> In my development I'm using a idiom