2

I am currently working on a little project.

I am trying to generate an AES key with which I would like to encrypt a private RSA key. I have to do it this way. However, I do not want to save the AES key, but generate it every time I would like to decrypt my RSA key.

I wanted to use AES in CTR mode with random IVs. Since the plaintext the AES encrypts does not matter, I figured I would just encrypt my initial starting IV with the AES itself. As a passphrase I have a user's password in plaintext.

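```javascript
// The serial is used both as the plaintext and as the IV; the password is the passphrase.
CCCBox._user.masterkey = CryptoJS.AES.encrypt(CCCBox._user.serial, CCCBox._user.password,
                                {
                                    iv: CCCBox._user.serial,
                                    mode: CryptoJS.mode.CTR
                                });
```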

I am using the CryptoJS library. CCCBox is my JavaScript class. Actually I am saving the IV (the CCCBox._user.serial) in my database as well, but I would like to change that as well.

The problem is that whenever I generate the masterkey I do not get the same key twice. What way is there around this, so that I can allow a user to generate their own masterkey every time without saving it in my database?

All the best, Richard

Richard
  • 1
    What you're doing is way more complicated than it needs to be. I think what you're looking for is [PBKDF2](https://en.wikipedia.org/wiki/PBKDF2). You can feed it the user's password, and as long as you feed it the same parameters, it will give you the same fixed-length key. You can use that key for your encryption and later decryption. Also, it makes perfect sense to get different outputs in your case: you're generating a random IV, and the whole point of the IV is to get a different starting state in order to prevent getting the same ciphertext for the same plaintext. – Adi May 23 '13 at 22:12
  • If you really have to do it this way, why AES encrypt the RSA key, and not the other way around? Please read the [RSA maximum bytes to encrypt, comparison to AES in terms of security?](http://security.stackexchange.com/q/33434/20074) thread for explanation on what I mean. – TildalWave May 23 '13 at 22:23
  • @TildalWave Why would you suggest the other way around? The guy might just be trying to protect his private RSA key with a password. RSAing your AES keys is a totally different matter (used in SSL, for example). I might agree with you that what he's doing doesn't make much sense, though. – Adi May 23 '13 at 22:26
  • @Adnan - Then I guess I have problems extracting OP's intended use from the question. It's by far more usual to see it the other way around, but yes, there would be cases where you'd symmetrically encrypt the private key also, as you said. Still, I'd expect AES to repeat more frequently in the suggested model then. – TildalWave May 23 '13 at 22:35
  • Thanks Adnan & TildalWave for the quick responses! In fact, I would like to protect my RSA private key. That's the only purpose. And I do not want to store in any matter the key with which I protect it. I will accept Adnan's answer as it seems more practical for me at the moment. Thank you. – Richard May 23 '13 at 22:35
  • Yes, in that case, @Adnan anticipated your intended use correctly, and I apologise for not seeing it as well. – TildalWave May 23 '13 at 22:38
  • 1
    @TildalWave Naah, you just need [one of these](http://artspacenh.org/content/CWOS12/crystalball.jpg). – Adi May 23 '13 at 22:40

1 Answer

3

If I understood your question correctly, you're trying to generate an AES key using AES and the user password as a key, then use that key to encrypt an RSA key.

Granted, AES will give you a very indistinguishable ciphertext that you can use as an encryption key if you wanted. But AES isn't really a password-based key derivation function, mainly because it's pretty damn fast.

What you're looking for is PBKDF2. You can feed it the user's password, and as long as you feed it the same parameters, it will give you the same fixed-length key. You can use that key for your encryption and later decryption. So you'd end up with something like this:

```
Encrypted_RSA_Key = AES-CTR(RSA_KEY, PBKDF2(USER_PASSWORD))
```
TildalWave
Adi
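The scheme from the answer above, as an added example that is not part of the original answer: it uses Node.js's built-in `crypto` module instead of CryptoJS, stores only the salt, IV, iteration count and ciphertext, and re-derives the key from the password on every decryption. The function names, the 210000-iteration count, the HMAC tag (added here because CTR alone cannot detect a wrong password or modified data) and the sample key text are assumptions of this example.

```javascript
const crypto = require('crypto');

const ITERATIONS = 210000; // assumed work factor; tune for your hardware

// Same password + salt + iterations always yields the same 64 bytes:
// bytes 0-31 become the AES-256 key, bytes 32-63 the HMAC key.
function deriveKeys(password, salt, iterations) {
  const okm = crypto.pbkdf2Sync(password, salt, iterations, 64, 'sha512');
  return { encKey: okm.subarray(0, 32), macKey: okm.subarray(32) };
}

// Encrypt-then-MAC tag over everything that is stored next to the ciphertext.
function macOver(macKey, salt, iv, ciphertext) {
  return crypto.createHmac('sha256', macKey)
    .update(salt).update(iv).update(ciphertext).digest();
}

// Returns only public parameters and ciphertext; the AES key is never stored.
function protectKey(privateKeyPem, password) {
  const salt = crypto.randomBytes(16); // random, but saved so the key can be re-derived
  const iv = crypto.randomBytes(16);   // fresh CTR counter block for every encryption
  const { encKey, macKey } = deriveKeys(password, salt, ITERATIONS);
  const cipher = crypto.createCipheriv('aes-256-ctr', encKey, iv);
  const ciphertext = Buffer.concat([cipher.update(privateKeyPem, 'utf8'), cipher.final()]);
  const tag = macOver(macKey, salt, iv, ciphertext);
  return { salt, iv, iterations: ITERATIONS, ciphertext, tag };
}

// Re-derives both keys from the password; throws on a wrong password or tampering.
function recoverKey(blob, password) {
  const { encKey, macKey } = deriveKeys(password, blob.salt, blob.iterations);
  const expected = macOver(macKey, blob.salt, blob.iv, blob.ciphertext);
  if (!crypto.timingSafeEqual(expected, blob.tag)) {
    throw new Error('wrong password or modified data');
  }
  const decipher = crypto.createDecipheriv('aes-256-ctr', encKey, blob.iv);
  return Buffer.concat([decipher.update(blob.ciphertext), decipher.final()]).toString('utf8');
}

// Constructed sample input, not a real key.
const SAMPLE_PEM = '-----BEGIN RSA PRIVATE KEY-----\n(constructed placeholder)\n-----END RSA PRIVATE KEY-----\n';
```

The salt and IV are not secret and can sit in the database beside the ciphertext; only the password has to stay out of it.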