Best way to store an AES Key
Hello,
I'm currently developing a little "file vault", with a graphical interface, to enable end users to encrypt/decrypt some of their personal files on the filesystem.
I'm currently using AES as Cipher :
The first time the user launches the UI, I generate a key for AES, then store it (encoded as Base64) in the Registry (if Windows) using java.util.Preferences.
Doing this, later, the application automatically retrieves this key for decrypt/encrypt tasks.
Is this the best way to store this kind of key?
I currently ask myself if I couldn't (as a second option) let the user choose a key first: the user would then retype this key at every launch of the application to be able to decrypt/encrypt his files.
What is the best way?
Laurent
How do you propose to protect the key from view by attackers? Consider the use of Passphrase Based Encryption (PBE). Using it you won't need to store the key anywhere.
Can I combine the passphrase based encryption (PBE) with AES? Is it a good idea that I use CryptoLight for this ( http://jcetaglib.sourceforge.net/ )? I've seen it includes a PBE crypter/decrypter... Thanks
> Can i combine the passphrase based encryption (PBE)
> with AES ?
Yes.
>
> Is it a good idea that i use CryptoLight for this
> (http://jcetaglib.sourceforge.net/) I've seen it
> includes PBE crypter/decrypter...
>
I don't know about CryptoLight but the JCE provides PBE with AES out of the box.
Errata - sorry, I am wrong. As far as I can tell, PBE with AES is available from BouncyCastle but not from Sun.
Message was edited by: sabre150
Once, I made this PBE by myself. I just computed the MD5 of a byte[] and used it as an AES key (additionally I should compute a hash of the AES key, in order to recognize a wrong password). It is very simple and works perfectly. But maybe I'm missing some important point?
> But maybe I'm missing some important point?
Perhaps. You should look at all the features in PKCS#5 and compare the protection they offer with your PBE version.
Here is the doc about PKCS#5 v2 (1999) from RSA: ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-5v2/pkcs5v2-0.pdf
I will check this... Thanks for your answer.
As far as I understand from the document PKCS#5, to do my application I should use PBES2 (password based encryption scheme 2), respecting the following steps:
Encryption:
1) Select a Password (P): this password is not stored on the system; the user will provide it to the application for every operation (dec / enc)
2) Select a Salt (S): I wonder if, the first time, I should use a pseudo random generator, then store the Salt on the system (where on Windows or Linux?...)
3) Select an iteration Count (c): should be > 1000
4) Select a derived key Length (dkLen)
5) Create a derived key (DK) using the formula: DK = KDF(P, S, c, dkLen)
6) Encrypt the clear Message (M) using the Derived Key (DK) and the AES algorithm, to obtain the Cipher Text (C)
Decryption:
Repeat steps 1 to 5
6) Decrypt Cipher Text (C) using DK and AES algorithm to obtain the clear message (M)
Does it sound good to you?
My question is always the same:
Should I hard code in my application the Salt, the Iteration Count, and the derived key length, or should I first generate a pseudo random Salt, then store it on the file system (Windows Registry, File)?
Any idea?
Laurent
Message was edited by: Laurent_Bois
To store the Salt, my first idea is:
I have an embedded database in my Swing application (Apache Derby).
Then two options:
1) I store the salt as is (not encrypted)
2) I use the user password to derive a key before encrypting (with AES) the salt in the embedded database.
With this method, if the (encrypted) salt is stolen, it couldn't be used as is to generate the derived key used to encrypt/decrypt the messages.
Is it a good idea, or am I on the wrong track?
You must store the iteration count and the salt unencrypted along with the encrypted message. Upon decryption, you extract the salt and the iteration count from the encrypted message and get the password from the user. With these values, you can then decrypt the message.
Thanks a lot... Doing this, for each encryption I can use a random salt and a random iteration count. I will check how I can do this with BouncyCastle.
How can you store the unencrypted salt and iteration count along with the encrypted message, to retrieve them later when decrypting?
I do not find anything about this technique... all the samples I find are quite simple, because in the same program encryption and decryption are done for the example.
Thanks
Message was edited by: Laurent_Bois
Write them to the output using DataOutputStream and then read them, before you start to decrypt, using DataInputStream.
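Putting the last two answers together as an added example (my own code, not from the thread or from BouncyCastle): the PBES2 steps listed above with PBKDF2 as the PKCS#5 key derivation function and AES-GCM, writing the iteration count, salt and IV ahead of the ciphertext with DataOutputStream and reading them back with DataInputStream. It assumes a modern JDK (11 or later, for PBKDF2WithHmacSHA256 and InputStream.readAllBytes); the class, method and constant names are my own, and the GCM tag also covers the earlier wish to detect a wrong password, since decryption then fails with AEADBadTagException.

```java
import java.io.*;
import java.security.SecureRandom;
import javax.crypto.*;
import javax.crypto.spec.*;

public class PbeFileFormat {
    static final int SALT_LEN = 16, IV_LEN = 12, TAG_BITS = 128, DK_BITS = 256, MAX_FIELD = 64;
    // PBES2 step 5: DK = KDF(P, S, c, dkLen), here PBKDF2 with HMAC-SHA256 from the JDK
    static SecretKey deriveKey(char[] password, byte[] salt, int iterations) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, DK_BITS);
        byte[] dk = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        spec.clearPassword();
        return new SecretKeySpec(dk, "AES");
    }
    // Layout: [int c][int saltLen][salt][int ivLen][iv][ciphertext || GCM tag]; fresh salt and IV per file
    static byte[] encrypt(char[] password, byte[] plaintext, int iterations) throws Exception {
        byte[] salt = new byte[SALT_LEN], iv = new byte[IV_LEN];
        SecureRandom rng = new SecureRandom();
        rng.nextBytes(salt); rng.nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, deriveKey(password, salt, iterations), new GCMParameterSpec(TAG_BITS, iv));
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (DataOutputStream out = new DataOutputStream(bos)) {
            out.writeInt(iterations);
            out.writeInt(salt.length); out.write(salt);
            out.writeInt(iv.length);   out.write(iv);
            out.write(aes.doFinal(plaintext));
        }
        return bos.toByteArray();
    }
    // Reads one length-prefixed field, rejecting absurd lengths from a corrupted or tampered file
    static byte[] readField(DataInputStream in) throws IOException {
        int len = in.readInt();
        if (len < 1 || len > MAX_FIELD) throw new IOException("bad field length: " + len);
        byte[] b = new byte[len];
        in.readFully(b);
        return b;
    }
    static byte[] decrypt(char[] password, byte[] blob) throws Exception {
        try (DataInputStream in = new DataInputStream(new ByteArrayInputStream(blob))) {
            int iterations = in.readInt();
            if (iterations < 1) throw new IOException("bad iteration count: " + iterations);
            byte[] salt = readField(in), iv = readField(in);
            Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
            aes.init(Cipher.DECRYPT_MODE, deriveKey(password, salt, iterations), new GCMParameterSpec(TAG_BITS, iv));
            return aes.doFinal(in.readAllBytes()); // AEADBadTagException on wrong password or altered data
        }
    }
}
```

A round trip is `decrypt(pw, encrypt(pw, data, 100_000))`; the iteration count is chosen at encryption time and travels with the file, so it can be raised later without breaking old files.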