EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Message encryption with 509Certificate

#33687
Posted: 06/17/2015 04:06:24
by Toni Santa (Standard support level)
Joined: 05/27/2013
Posts: 57

Hi,
I do a message encryption with TELX509Certificate of a public key of a certificate of an administration-office. The encryption result is stored to file. All works fine.
When encrypting the same original message a second time with same certificate, the resulting stream (file) is different from the first one. Is this right? Is there any way to have always same result?
best regards
Toni Santa
SABE SOFT
#33715
Posted: 06/19/2015 08:47:10
by Toni Santa (Standard support level)
Joined: 05/27/2013
Posts: 57

Hi,
is there any news in this regard? Depending on your answer I'll have to adapt my application.
Thanks and best regards
Toni Santa
SABE SOFT
#33717
Posted: 06/19/2015 11:34:57
by Ken Ivanov (EldoS Corp.)

Hi Toni,

I am sorry for the delay with answering, your original message was overlooked for some reason.

It is correct that you always get a different encrypted message, even though you are encrypting the same source. This is due to a random padding added to the message on encryption stage.

This is a common behaviour of the RSA PKCS#1 encryption method, so you should be prepared to get different encryption results for the same message being encrypted several times.

Ken
#33719
Posted: 06/19/2015 15:48:34
by Toni Santa (Standard support level)
Joined: 05/27/2013
Posts: 57

Hi Ken,
thank you for your answer. Would it be possible for future releases to optionally pass this "random padding" to the crypting procedure?
Thanks.
Toni
#33724
Posted: 06/22/2015 05:36:28
by Ken Ivanov (EldoS Corp.)

Hi Toni,

To be fair, I doubt it. The standard requires the random padding to be always used appropriately, as neglecting it may result in a compromise of the whole scheme. Therefore SecureBlackbox always uses the output of its built-in PRNG to form a correct and secure padding string.

If you need to identify whether an encrypted string corresponds to some particular known data, it makes sense to store a checksum (preferably, salted) of the original data together with the encrypted string and use that checksum to look up the needed record(s).

Ken
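Added example, not part of the original thread and not SecureBlackbox code: it shows why two RSA PKCS#1 v1.5 encryptions of the same message differ (fresh random padding each time) and how a keyed digest stored beside each ciphertext still lets a known message be matched to its records. Assumptions: the demo key is constructed from two Mersenne primes and is insecure, HMAC-SHA-256 with a secret key stands in for the "salted checksum", and the names `TAG_KEY`, `lookup_tag`, `store` and `find` are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed demo key (product of two Mersenne primes): insecure, illustration only.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8          # modulus length in bytes
TAG_KEY = secrets.token_bytes(32)      # hypothetical app secret; persist it in real use


def pkcs1_v15_encrypt(msg: bytes) -> bytes:
    """EM = 00 || 02 || PS || 00 || M, where PS is fresh random non-zero bytes."""
    if len(msg) > K - 11:
        raise ValueError("message too long for this modulus")
    ps = bytes(secrets.randbelow(255) + 1 for _ in range(K - 3 - len(msg)))
    em = b"\x00\x02" + ps + b"\x00" + msg
    return pow(int.from_bytes(em, "big"), E, N).to_bytes(K, "big")


def pkcs1_v15_decrypt(ct: bytes) -> bytes:
    em = pow(int.from_bytes(ct, "big"), D, N).to_bytes(K, "big")
    if em[:2] != b"\x00\x02":
        raise ValueError("decryption error")
    return em[em.index(b"\x00", 2) + 1:]


def lookup_tag(msg: bytes) -> str:
    """Deterministic keyed digest of the plaintext, stored beside the ciphertext."""
    return hmac.new(TAG_KEY, msg, hashlib.sha256).hexdigest()


def store(db: dict, msg: bytes) -> None:
    db.setdefault(lookup_tag(msg), []).append(pkcs1_v15_encrypt(msg))


def find(db: dict, msg: bytes) -> list:
    return db.get(lookup_tag(msg), [])


if __name__ == "__main__":
    db, doc = {}, b"constructed sample message"
    store(db, doc)
    store(db, doc)
    a, b = find(db, doc)
    print("ciphertexts differ:", a != b)
    print("both decrypt to doc:", pkcs1_v15_decrypt(a) == pkcs1_v15_decrypt(b) == doc)
```

The tag is deterministic by design, so it reveals which records hold equal plaintexts to anyone who can read the store; keeping the tag key secret is what prevents guessing the plaintext from the tag.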
#37313
Posted: 07/27/2016 05:19:37
by Toni Santa (Standard support level)
Joined: 05/27/2013
Posts: 57

Hi,
after some time I'm turning to this thread.
I'd absolutely have the need to be able to produce a second time an identical encrypted file as the first one. Therefore my question: can I get the "random padding" used for first encryption (or reading it from encrypted file or getting it from encryption-procedure immediately after done encryption) and can I use it for second one encryption to have a bit-for-bit identical encrypted file?
best regards
Toni
#37316
Posted: 07/27/2016 07:32:46
by Vsevolod Ievgiienko (EldoS Corp.)

Hello.

You can't do this without our code modification, sorry.
#37318
Posted: 07/27/2016 08:16:48
by Toni Santa (Standard support level)
Joined: 05/27/2013
Posts: 57

Hi,
and are there any chances to see implemented such functionality in future updates of your components?
#37319
Posted: 07/27/2016 08:29:25
by Eugene Mayevski (EldoS Corp.)

What you are asking for is a violation of the standard, and also a security weakness. So I don't think we will implement such security reduction.


Sincerely yours
Eugene Mayevski
As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.