EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Key and Data Encryption Algorithm

#15937
Posted: 02/28/2011 19:25:47
by Eric Lenington (Standard support level)
Joined: 12/06/2010
Posts: 37

Using the S3 data storage class with a generic encryption key, I set the following properties before WriteObject:

oHandler.KeyEncryptionAlgorithm := $7007;
oHandler.DataEncryptionAlgorithm := $7007;

This should set both algorithms to AES-256. But when I read the object back with ReadObject, and use the following functions in the SecurityHandlerCreated event:

SBUtils.GetAlgorithmNameByAlgorithm(oHandler.KeyEncryptionAlgorithm)
SBUtils.GetAlgorithmNameByAlgorithm(oHandler.DataEncryptionAlgorithm)

I get key AES-128 instead of the expected AES-256 (data is correct). Am I doing something wrong?


On a related topic, is it necessary for my code to free the security handler that gets created by a ReadObject call?
#15939
Posted: 02/28/2011 20:08:55
by Ken Ivanov (EldoS Corp.)

You are doing everything right. The inconsistency with the key encryption algorithm you are noticing has the following cause: a session key used to encrypt the object can be encrypted with a number of different symmetric keys using different key encryption algorithms. One cannot tell exactly which key (and, in turn, exactly which algorithm) was used for decryption until the document is actually decrypted. That is, the value of the key encryption algorithm should be read *after* decrypting the object. I admit it is not that obvious, so we are likely to change the default value of KeyEncryptionAlgorithm to SB_ALGORITHM_UNKNOWN in one of the future SBB builds.
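The situation Ken describes, shown as an added illustration that is not EldoS or SecureBlackbox code: one session key is wrapped separately for several recipient keys, each record carrying its own key-encryption algorithm identifier, so before decryption the envelope only tells you the set of candidate algorithms; the one that was "used" is known only after a record unwraps successfully with your key. The wrap primitive here is a deliberately simple hash-based construction standing in for real AES key wrapping, and the algorithm identifiers, key values and helper names are all constructed for this example.

```python
"""Toy envelope: why the key-encryption algorithm is only known after decryption.

Not SecureBlackbox code. The "wrap" below is a SHA-256 keystream XOR plus an
HMAC tag, used only to stand in for a real key-wrapping algorithm.
"""
import hashlib
import hmac
import secrets

# Constructed algorithm identifiers for this toy (not SecureBlackbox constants).
KEK_ALG_128 = "TOY-WRAP-128"
KEK_ALG_256 = "TOY-WRAP-256"


def _keystream(key: bytes, label: bytes, n: int) -> bytes:
    """Derive n bytes of keystream from key and label (toy CTR-style PRF)."""
    out = b""
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(key + label + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wrap(kek: bytes, alg: str, session_key: bytes) -> dict:
    """Wrap the session key under one key-encryption key, tagged with its algorithm id."""
    ct = _xor(session_key, _keystream(kek, alg.encode(), len(session_key)))
    tag = hmac.new(kek, alg.encode() + ct, hashlib.sha256).digest()
    return {"alg": alg, "wrapped": ct, "tag": tag}


def unwrap(kek: bytes, rec: dict):
    """Return the session key if this KEK fits the record, else None."""
    expected = hmac.new(kek, rec["alg"].encode() + rec["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, rec["tag"]):
        return None  # wrong KEK for this recipient record
    return _xor(rec["wrapped"], _keystream(kek, rec["alg"].encode(), len(rec["wrapped"])))


def seal(plaintext: bytes, recipients) -> dict:
    """Encrypt plaintext under a fresh session key and wrap it for each (kek, alg) pair."""
    session_key = secrets.token_bytes(32)
    body = _xor(plaintext, _keystream(session_key, b"data", len(plaintext)))
    return {"recipients": [wrap(k, a, session_key) for k, a in recipients], "body": body}


def candidate_algorithms(envelope: dict) -> list:
    """All that can be read BEFORE decryption: every algorithm id present."""
    return [r["alg"] for r in envelope["recipients"]]


def open_envelope(envelope: dict, kek: bytes):
    """Decrypt with one KEK; return (plaintext, key-encryption algorithm actually used)."""
    for rec in envelope["recipients"]:
        sk = unwrap(kek, rec)
        if sk is not None:
            body = envelope["body"]
            return _xor(body, _keystream(sk, b"data", len(body))), rec["alg"]
    raise ValueError("no recipient record matched this key")


# Constructed sample keys and message.
KEK_A = b"A" * 16
KEK_B = b"B" * 32
MESSAGE = b"object stored in the bucket"


def demo():
    env = seal(MESSAGE, [(KEK_A, KEK_ALG_128), (KEK_B, KEK_ALG_256)])
    before = candidate_algorithms(env)          # both ids visible, neither "chosen"
    _, used_by_b = open_envelope(env, KEK_B)   # only now is the algorithm known
    return before, used_by_b


if __name__ == "__main__":
    print(demo())
```

Reading the algorithm field from the envelope header before decryption gives you the first (or default) record's value, which is exactly the "AES-128 instead of AES-256" symptom from the first post; reading it from the record that actually unwrapped gives the right answer.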
#15941
Posted: 02/28/2011 20:16:50
by Eric Lenington (Standard support level)
Joined: 12/06/2010
Posts: 37

I see. Definitely not obvious, but understood. Tnx!
#15943
Posted: 02/28/2011 20:18:59
by Ken Ivanov (EldoS Corp.)

Oops, I missed your subsequent question:
Quote
On a related topic, is it necessary for my code to free the security handler that gets created by a ReadObject call?

No, you shouldn't free the handler. The handler is either freed inside the ReadObject() method (if you reference the object by a bucket name and a key), or inside the destructor of TElAWSS3DataStorageObject object when it's freed (if you use the overload that accepts TElAWSS3DataStorageObject parameter).


As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.