
I'm developing an application that will use public key authentication to contact some webservice. So the user has his keypair on his computer, and I want that file to be encrypted using AES with a key derived from a user's password.

I'm wondering if I'm using relatively "safe" parameters and way of writing the file.

Here are the PBKDF2 and AES parameters:

  • PBKDF2 Iterations : 1024
  • PBKDF2 Hash function : SHA256
  • PBKDF2 Salt size : 256 bits
  • PBKDF2 Derived key size : 256 bits
  • AES Cipher mode : CFB

Here is how the file is written:

  • Salt (Hex encoded)
  • Return line
  • IV (Hex encoded)
  • Return line
  • Encrypted file content (Hex encoded, encrypted using AES in CFB mode and the key derived from the user's password)

Maybe what's missing here is an HMAC (with SHA256, for example) to "guarantee" that the file hasn't been tampered with. Here's how I'd probably append it to the file, after "Encrypted file content":

  • Return line
  • HMAC-SHA256 with the content's encryption key

Thanks in advance.

1 Answer


As this question is still on the list of "questions without answers", I'll quickly answer it (Basically repeating all of the above comments).

  1. Increase iteration count to something larger (1 Million?)
  2. You don't want to attach your HMAC of the plain-text after the contents. Rather authenticate either the ciphertext or (even better) use CCM/EAX/GCM mode.
  3. Store the PBKDF's params in the header of the file.
  4. Don't use PBKDF2 if possible. Rather use scrypt (best choice currently, for the next weeks), bcrypt (if no other option) or some of the PHC finalists.
SEJPM
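A hardened version of the asker's file layout that follows the answer's points, as an added example in Ruby using only the bundled OpenSSL binding (not the asker's or SEJPM's code): the KDF name, iteration count, salt and nonce are stored in a header line, the key is derived with a much larger iteration count, and AES-256-GCM authenticates the ciphertext with that header as additional data, so a modified header, ciphertext or tag is rejected when the file is opened. The header layout and the `seal`/`open_file` names are assumptions made for this example.

```ruby
require 'openssl'
require 'securerandom'

# Assumed header layout (not from the question): "<kdf>:<iterations>:<salt hex>:<nonce hex>".
KDF_NAME   = 'pbkdf2-sha256'
ITERATIONS = 1_000_000 # the answer's suggested order of magnitude, not the question's 1024

# Encrypts plaintext under a password and returns the file body as three text lines:
# header, ciphertext (hex), GCM tag (hex). The header is bound to the ciphertext as
# additional authenticated data, so editing the iteration count, salt or nonce is detected.
def seal(password, plaintext, iterations: ITERATIONS)
  salt  = SecureRandom.random_bytes(32) # 256-bit salt, as in the question
  nonce = SecureRandom.random_bytes(12) # 96-bit GCM nonce, fresh for every file written
  header = [KDF_NAME, iterations, salt.unpack1('H*'), nonce.unpack1('H*')].join(':')
  key = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations, 32, OpenSSL::Digest.new('SHA256'))
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = key
  cipher.iv = nonce
  cipher.auth_data = header
  ciphertext = cipher.update(plaintext) + cipher.final
  "#{header}\n#{ciphertext.unpack1('H*')}\n#{cipher.auth_tag.unpack1('H*')}\n"
end

# Reverses seal. The KDF parameters are read from the header rather than hard-coded.
# Raises OpenSSL::Cipher::CipherError if the password is wrong or if the header,
# ciphertext or tag was modified (the GCM tag check covers all three).
def open_file(password, file)
  header, ct_hex, tag_hex = file.split("\n", 3).map(&:strip)
  kdf, iterations, salt_hex, nonce_hex = header.split(':')
  raise ArgumentError, "unsupported KDF #{kdf.inspect}" unless kdf == KDF_NAME
  raise ArgumentError, 'iteration count below policy floor' if iterations.to_i < 10_000
  key = OpenSSL::PKCS5.pbkdf2_hmac(password, [salt_hex].pack('H*'), iterations.to_i, 32,
                                   OpenSSL::Digest.new('SHA256'))
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = key
  cipher.iv = [nonce_hex].pack('H*')
  cipher.auth_tag = [tag_hex].pack('H*')
  cipher.auth_data = header
  cipher.update([ct_hex].pack('H*')) + cipher.final
end
```

Swapping the PBKDF2 line for `OpenSSL::KDF.scrypt` (available when the binding was built against OpenSSL 1.1+) covers the answer's fourth point without changing the file layout, as long as the header records the scrypt parameters instead of an iteration count.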