Re: Exporting an AES key



On Apr 21, 4:02 pm, t...@xxxxxxx wrote:
On Apr 21, 9:21 am, mathieu <mathieu.malate...@xxxxxxxxx> wrote:



Hi there,

I am banging my head trying to understand the standard I am
implementing:

...
The encryption shall be done using RSA [RFC 2313] for the key transport of the
content-encryption keys. A de-identifier conforming to this security profile
may use either AES or Triple-DES for content-encryption. The AES key length may
be any length allowed by the RFCs. The Triple-DES key length is 168 bits as
defined by ANSI X9.52. Encoding shall be performed according to the
specifications for RSA Key Transport and Triple DES Content Encryption in
RFC-3370 and for AES Content Encryption in RFC-3565.
...

I chose the AES algorithm (256 bits), but now I am stuck with this
AES key that I do not know how to export to my user. It is stored as
'unsigned char key[32]' in my C code. Could someone point me to some
documentation (API, command line tool should be fine)?

thanks !

You haven't mentioned what standard you are implementing. But
normally AES keys are either randomly derived or derived from
passwords. If you're randomly generating the key, it's usually
encrypted with RSA [or ECC] and you'd be using a PKCS #7 based
standard. If the key is user derived [e.g. via a password] then
you're using PKCS #5 to perform a KDF, in this case you only store the
salt used in the KDF and not the key at all.

In either case, if you play your cards right your user should never
have to know, see, touch or even smell their AES key.

This is a sub-section of the DICOM standard. See
ftp://medical.nema.org/medical/dicom/2008/08_15pu.pdf, Annex E
ATTRIBUTE CONFIDENTIALITY PROFILES (page 33).

As far as I understand the standard, I am generating a random AES key
(using HAVEGE implementation from xyssl/polarssl). But you are saying
that I should then 'encrypt with RSA [or ECC] and you'd be using a
PKCS #7 based standard'.

OK, now I need to figure out what this means, ideally what this means
in the xyssl/polarssl implementation.

Thanks a bunch !
-Mathieu
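
The RSA key transport step discussed in this thread, as an added example (not code from the thread, the DICOM standard, or xyssl/polarssl): the random 32-byte AES key is padded as a PKCS #1 v1.5 block type 02 (RFC 2313) and encrypted under the recipient's RSA public key, so only the wrapped blob ever leaves the program. The modulus below is a constructed, insecure demo key and the names `wrap_key` and `unwrap_key` are hypothetical; a real implementation takes the public key from the recipient's certificate and carries the blob inside a PKCS #7/CMS structure.

```python
import secrets

# Constructed demo key: two Mersenne primes give a valid but insecure RSA
# modulus. Illustration only; a real recipient key comes from a certificate.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (recipient only)
K = (N.bit_length() + 7) // 8          # modulus length in bytes


def wrap_key(cek: bytes) -> bytes:
    """Sender: EB = 00 || 02 || PS || 00 || CEK, then EB^E mod N."""
    if len(cek) > K - 11:
        raise ValueError("key too long for this modulus")
    ps = bytearray()
    while len(ps) < K - 3 - len(cek):   # PS: at least 8 nonzero random bytes
        b = secrets.token_bytes(1)
        if b != b"\x00":
            ps += b
    eb = b"\x00\x02" + bytes(ps) + b"\x00" + cek
    return pow(int.from_bytes(eb, "big"), E, N).to_bytes(K, "big")


def unwrap_key(blob: bytes) -> bytes:
    """Recipient: RSA-decrypt, then check and strip the type 02 padding."""
    if len(blob) != K:
        raise ValueError("wrong ciphertext length")
    eb = pow(int.from_bytes(blob, "big"), D, N).to_bytes(K, "big")
    sep = eb.find(b"\x00", 2)           # first zero byte after the header
    # One generic error for every padding failure, so callers cannot tell
    # which check failed.
    if eb[:2] != b"\x00\x02" or sep < 10:
        raise ValueError("bad padding")
    return eb[sep + 1:]


if __name__ == "__main__":
    aes_key = secrets.token_bytes(32)   # stands in for 'unsigned char key[32]'
    wrapped = wrap_key(aes_key)
    print(len(wrapped), unwrap_key(wrapped) == aes_key)
```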