
One can encrypt data in a standardized fashion, e.g. with openssl using a command such as openssl enc -e -aes-256-cbc. This results in a raw stream of encrypted data, which lacks the ability to efficiently change the encryption key. Changing the encryption key requires decrypting the data with the old key and encrypting it again with the new one.

I'm looking for a standard format (and associated tools) that would create a stream starting with a metadata header, which would contain as a minimum the data's encryption key encrypted with a master or key-wrapping key. This would allow efficient "rekeying" by changing only the master or key-wrapping key. If the header also contained the encryption method used and its parameters, that would further simplify administration. Alternatively, this header could also exist as a separate file.

I thought that such a scheme would be fairly standard (e.g. for storing encrypted backups) and extensively documented. Following comments I received on the question, I realized that the scheme is not well-known and that there are disagreements regarding the terminology. I checked a few books (through their index entries), and could not find it authoritatively described. The books I checked were Security in Computing (Pfleeger, Pfleeger & Margulies, 2015), Applied Cryptography (Schneier, 1996), and Security Engineering (Anderson, 2001). Of those, only Schneier alludes to the scheme on p. 184.

  • From [wikipedia](https://en.wikipedia.org/wiki/Rekeying): *In cryptography, rekeying refers to the process of changing the session key -- the encryption key of an ongoing communication*. Since you want to change the key used to encrypt the encryption key and not the encryption key used for the data itself this is usually not called rekeying. – Steffen Ullrich Sep 12 '16 at 08:29
  • In the physical world rekeying means changing a lock's key without changing the lock. I checked and indeed the term in cryptography is not used to refer to what I describe. To clarify, I expressed the question in terms of master or key-wrapping keys and put "rekey" in quotes. – Diomidis Spinellis Sep 12 '16 at 09:25
  • Once the data is encrypted the key cannot be changed. The key can be encrypted and protected by a password and additional security layers. A network-based solution could do something like that when the user has no physical access to the decrypting service nor to the key server, like here: https://security.stackexchange.com/questions/133821/secure-cloud-encryption-scheme-do-you-know-what-is-the-standard-for-this – Aria Sep 12 '16 at 10:01
  • @Aria: The way this works is that you create a second key, which you encrypt with the master key, store encrypted in the header, and then forget. When you want to change the master key, you decrypt the second key with the old master key, encrypt it with the new master key, and update the header with the newly encrypted second key. – Diomidis Spinellis Sep 12 '16 at 10:06
  • So that would be standard for encrypting and storing AES private keys. Encrypting could be done with the public key part of the master key and storing in the file header. So for this there would have to be a format for how the encrypted key is structured and the format of the file which has the encrypted key in the header. Such a file can then be recovered with the master key. I think in the software world there isn't such a format for general use, but it should be safe and easy to implement. – Aria Sep 12 '16 at 10:46
  • It would be good to ask for opinions on cryptography.se about what they think of storing an encrypted private key with a public key. On the other hand, encrypting it with a symmetric key would involve sending it to an external server. – Aria Sep 12 '16 at 10:57
  • @Aria there is no need for public/private key encryption nor for an external server. I agree it is not difficult to implement this scheme. A standard format would allow interoperability among diverse tools. – Diomidis Spinellis Sep 12 '16 at 11:26
  • See also http://security.stackexchange.com/questions/96630/secure-backup-encryption-with-openssl and the associated comments. – Diomidis Spinellis Sep 12 '16 at 11:39
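The header-with-wrapped-key layout the question asks for, and the rekey step described in the comment above (unwrap the data key with the old master key, wrap it again with the new one, rewrite only the header), as an added example that is not part of the question, any comment, or any existing tool. Everything here is constructed: the `EKW1` magic, the header layout, and the function names are assumptions for illustration. Because the Python standard library has no AES, the example substitutes an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag for both the data cipher and the key wrap; in practice a tool would use AES-GCM for the body and AES Key Wrap (RFC 3394) or AES-GCM for the wrapped key, and the header logic stays the same.

```python
import hashlib
import hmac
import os
import struct

MAGIC = b"EKW1"     # constructed stream magic: "encrypted, key-wrapped, version 1"
NONCE_LEN = 16
TAG_LEN = 32
AAD_DEK = MAGIC + b"dek"    # domain separation for the wrapped data key
AAD_BODY = MAGIC + b"body"  # domain separation for the data body


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a stdlib-only stand-in for AES-CTR."""
    blocks = []
    for counter in range((length + 31) // 32):
        blocks.append(hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest())
    return b"".join(blocks)[:length]


def _subkeys(key: bytes):
    """Derive independent encryption and MAC keys from one secret."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _seal(key: bytes, plaintext: bytes, aad: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag (stand-in for AES-GCM)."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def _open(key: bytes, blob: bytes, aad: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong key or tampered data raises ValueError."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("truncated ciphertext")
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed (wrong key or tampered data)")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


# Stream layout: MAGIC | 2-byte big-endian wrapped-key length | wrapped key | body
def _split(blob: bytes):
    if blob[:4] != MAGIC:
        raise ValueError("not an EKW1 stream")
    (wrapped_len,) = struct.unpack(">H", blob[4:6])
    wrapped = blob[6:6 + wrapped_len]
    if len(wrapped) != wrapped_len:
        raise ValueError("truncated header")
    return wrapped, blob[6 + wrapped_len:]


def _join(wrapped: bytes, body: bytes) -> bytes:
    return MAGIC + struct.pack(">H", len(wrapped)) + wrapped + body


def encrypt_stream(master_key: bytes, plaintext: bytes) -> bytes:
    """Generate a fresh data key, wrap it under the master key, encrypt the data under it."""
    dek = os.urandom(32)
    wrapped = _seal(master_key, dek, AAD_DEK)
    body = _seal(dek, plaintext, AAD_BODY)
    return _join(wrapped, body)


def decrypt_stream(master_key: bytes, blob: bytes) -> bytes:
    wrapped, body = _split(blob)
    dek = _open(master_key, wrapped, AAD_DEK)
    return _open(dek, body, AAD_BODY)


def rekey_stream(old_master: bytes, new_master: bytes, blob: bytes) -> bytes:
    """Change the master key by rewrapping the data key; the body is copied untouched."""
    wrapped, body = _split(blob)
    dek = _open(old_master, wrapped, AAD_DEK)
    return _join(_seal(new_master, dek, AAD_DEK), body)


def body_of(blob: bytes) -> bytes:
    """The encrypted data section alone, useful for checking that rekeying left it unchanged."""
    return _split(blob)[1]


if __name__ == "__main__":
    old_mk, new_mk = os.urandom(32), os.urandom(32)
    stream = encrypt_stream(old_mk, b"constructed backup contents")
    rekeyed = rekey_stream(old_mk, new_mk, stream)
    print("body unchanged after rekey:", body_of(stream) == body_of(rekeyed))
    print("decrypts under new master key:", decrypt_stream(new_mk, rekeyed))
```

Rekeying touches only the first few dozen bytes of the stream regardless of how large the body is, which is the whole point of the layout; the authentication tags also mean that using a retired master key against a rekeyed stream fails cleanly rather than yielding garbage.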
