0

I need to store a big message encrypted on a server. What I am about to do is:

  1. Encrypt the message with an AES key;
  2. (Authentication) Hash the message with SHA512 and encrypt the hash with RSA priv key (signature);
  3. Encrypt AES key, IV and item above with destination RSA public key.

Where can HMAC help? I have authentication of information and encryption, already, so should I use it?

  • 6
    You should _not_ encrypt anything "with RSA priv key"; see [these](http://crypto.stackexchange.com/q/14875/991) two [answers](http://security.stackexchange.com/a/68836/49075). –  Oct 21 '14 at 18:24
  • Why are you encrypting the AES key? Why are you encrypting the IV (which may be considered public)? Why are you encrypting the HMAC? Why not just use an authenticated encryption mode like GCM or CCFB? You appear to be adding significant complication for no discernible purpose. – Stephen Touset Oct 21 '14 at 21:39
  • Isn't the IV needed to decrypt AES using CBC? I encrypt the AES Key so other well-identified people can decrypt it using their private keys. – João Rodrigues Oct 21 '14 at 21:50

2 Answers

2

HMAC is generally more applicable to situations where two entities want to communicate securely over the internet. It provides two key things, confidentiality and integrity: confidentiality by proving the remote client has possession of the "secret" ingredient, and integrity through validation of the message digest.

In your use case, local storage encryption, encrypting the symmetric key with the RSA public key should work just fine, so long as you are protecting the private key with strong protection mechanisms.

One more thing: in step 2, why are you hashing the message digest with the RSA private key? It's better to use the public key instead.

  • That was supposed to be the file's signature for authenticity, but I decided to not encrypt the signature alongside the AES Key and IV. I wanted to sign the file, so I hashed it and then I would encrypt the hash with my RSA private key so others can verify if the file is authentic or not by decrypting it with my RSA public key and checking if the hash is equal to the decrypted and hashed file. – João Rodrigues Oct 24 '14 at 18:23
0

Before I give my answer, let's first go over the subject of HMAC.

Hash-based message authentication code (or HMAC) is a mechanism for calculating a message authentication code involving a hash function in combination with a secret key. This can be used to verify the integrity and authenticity of a message.

Now HMAC authentication guarantees the authenticity of the request by signing the headers, this is especially the case if content-md5 is signed and checked by the server AND the client. In most situations I have used HMAC to have a more robust level of security.

But be advised, using HMAC opens you up to a larger understanding of how HTTP works, which can either make things harder on you or easier depending on your depth of knowledge.

HMAC alongside AES is a great set to have. In my opinion I would use it.

Also keep in mind that if you tend to keep this encrypted information on a server for long periods of time, you should keep the secret key fresh monthly or maybe bimonthly, depending on how you structure your security.
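An added example, not code from the question or from either answer: one way HMAC fits the scheme in the question is encrypt-then-MAC, where an HMAC-SHA512 tag over the IV and the AES ciphertext is checked before anything is decrypted. The blob layout (`iv || ciphertext || tag`), the label-based key split and all function names are assumptions made for this sketch, and the ciphertext is a constructed stand-in for real AES-CBC output. Anyone holding the MAC key can produce valid tags, so the tag detects tampering but does not identify the author the way the question's RSA signature is meant to.

```python
import hashlib
import hmac
import os

IV_LEN, TAG_LEN = 16, 64  # AES block size; HMAC-SHA512 output size


def derive_keys(master):
    """Split one shared secret into separate AES and HMAC keys (assumed scheme)."""
    enc = hmac.new(master, b"enc", hashlib.sha512).digest()[:32]
    mac = hmac.new(master, b"mac", hashlib.sha512).digest()
    return enc, mac


def seal(mac_key, iv, ciphertext):
    """Encrypt-then-MAC: the tag covers the IV and the ciphertext."""
    tag = hmac.new(mac_key, iv + ciphertext, hashlib.sha512).digest()
    return iv + ciphertext + tag


def open_sealed(mac_key, blob):
    """Return (iv, ciphertext) only if the tag verifies; raise otherwise."""
    if len(blob) < IV_LEN + TAG_LEN:
        raise ValueError("blob too short")
    iv, ciphertext, tag = blob[:IV_LEN], blob[IV_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, iv + ciphertext, hashlib.sha512).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("authentication failed")
    return iv, ciphertext


def is_authentic(mac_key, blob):
    """Boolean wrapper: True only when the stored blob is unmodified."""
    try:
        open_sealed(mac_key, blob)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    _, mac_key = derive_keys(os.urandom(32))
    iv = os.urandom(IV_LEN)
    ciphertext = os.urandom(48)  # constructed stand-in for AES-CBC output
    blob = seal(mac_key, iv, ciphertext)
    # Flip one bit of the stored ciphertext, as a modified server copy would look.
    tampered = blob[:20] + bytes([blob[20] ^ 1]) + blob[21:]
    print(is_authentic(mac_key, blob), is_authentic(mac_key, tampered))
```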