EldoS | Feel safer!

Software components for data protection, secure storage and transfer

encryption questions

Posted: 01/29/2014 20:27:49
by Jeremy Spiegel (Standard support level)
Joined: 01/29/2014
Posts: 16

I'm having trouble with storage encryption. I'm able to add files without errors, but when looking inside my storage container, I see the plaintext of the file contents that I expected to be encrypted. I tried using both ecAES256_SHA256 and ecCustom256 for the storage encryption (passing encrypt/decrypt/calculate/validate functions in the latter case).

I think it may be because I'm using the evaluation version, since according to https://www.eldos.com/solfs/applications.php, encryption is available in the "registered version only", and https://www.eldos.com/documentation/solfs/os/ref_cl_storagestream_mtd_create.html says encryption is not supported in the evaluation version. Is there a way to evaluate this feature?

I'm also curious for more details about how encryption works in the library. When using ecAES256_SHA256, what mode of operation is used (CBC, ESSIV, XTS) and how is it configured? When using custom encryption, there is a PageIndex and ObjectID that can be "used as additional salt during encryption", but can you provide more information about exactly what they represent?

Posted: 01/30/2014 02:15:01
by Alexander Plas (EldoS Corp.)

Whole storage encryption is available for any version, as soon as you have a registration key (every trial); per-file encryption is not available for the Lite Package.

The ecAES256_SHA256 encryption mode is obsolete and is used for backward compatibility with earlier versions. You have to use the ecAES256_HMAC256 mode instead. The ecAES256_HMAC256 mode uses the PageIndex and ObjectID parameters (which are unique for every page) to generate a per-page key with the HMAC algorithm. Both ecAES256_SHA256 and ecAES256_HMAC256 operate in CBC mode across the data on the page.

I suppose you have missed some encryption-related call or you have to reorder such calls. Could you please show your encryption-related code?

Posted: 01/30/2014 15:46:25
by Jeremy Spiegel (Standard support level)
Joined: 01/29/2014
Posts: 16

Hi, thanks for the reply.

Inside solfsapp_mac_ios/Samples/CPP/solfs_console/solfsc.cpp, I added two lines to the OpenStorage function at line 574:

int OpenStorage(string StorageName, SolFSStorage *Storage, bool ExistingOnly)

I then built it and called it like:
echo filecontents > filename
./solfs_console a archive filename
cat archive

Looking inside the archive, I can see "filecontents" and "filename" in plain text. Is there something I'm doing wrong?

Also, when in the ecAES256_HMAC256 mode, using CBC as you stated, what is used for the initialization vector for encrypting a given page? Thanks again!
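
The check described in the post above (looking inside the container for the file name and contents) can be automated as a regression test. This is an added example, not part of the original thread and not EldoS code; the 512-byte page size, the entropy threshold and the sample byte strings are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8 for ciphertext, much lower for text or padding."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def audit_container(blob: bytes, markers, page_size=512, min_entropy=7.0):
    """Return (marker_hits, low_entropy_pages) for a storage container image.

    page_size and min_entropy are assumptions of this example, not SolFS values.
    """
    hits = []
    for marker in markers:
        # Names and contents may be stored as 8-bit text or UTF-16, so try both.
        for label, codec in (("utf-8", "utf-8"), ("utf-16le", "utf-16-le")):
            offset = blob.find(marker.encode(codec))
            if offset != -1:
                hits.append((marker, label, offset))
    low = []
    for start in range(0, len(blob) - page_size + 1, page_size):  # full pages only
        if shannon_entropy(blob[start:start + page_size]) < min_entropy:
            low.append(start // page_size)
    return hits, low

def _pseudo_ciphertext(size: int) -> bytes:
    """Constructed stand-in for an encrypted container (deterministic hash output)."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(size // 32))

# Constructed samples: what the thread's test showed vs. what encrypted output looks like.
PLAINTEXT_LIKE = b"filename\x00filecontents\n".ljust(1024, b"\x00")
CIPHERTEXT_LIKE = _pseudo_ciphertext(1024)

if __name__ == "__main__":
    for name, blob in (("plaintext-like", PLAINTEXT_LIKE), ("ciphertext-like", CIPHERTEXT_LIKE)):
        hits, low = audit_container(blob, ["filecontents", "filename"])
        print(f"{name}: marker hits={hits} low-entropy pages={low}")
```

Marker hits are the decisive signal; low-entropy pages are only a hint, since a container format may keep an unencrypted header or unused pages.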

Posted: 01/31/2014 08:38:15
by Alexander Plas (EldoS Corp.)

Thank you for the report. I've found the problem. An update for you will be available in the HelpDesk.

Posted: 01/31/2014 23:24:00
by Jeremy Spiegel (Standard support level)
Joined: 01/29/2014
Posts: 16

Thanks for the quick resolution!