My server generates an AES encrypted file which when downloaded acts as an input for an application. So, should I hardcode the symmetric key inside the application or should I randomly generate the symkey and hide it inside the encrypted data. The size of my encrypted data being few Kilobytes.
Asked
Active
Viewed 391 times
2
-
3Hardcoding keys will prove to give no security. Hiding keys within the encrypted data would require a second encryption to execute - making it impossible to decrypt without that key. What you would want to read up on is Public / Private keys - asymmetric encryption. I.e. on here: http://www.sitepoint.com/encrypt-large-messages-asymmetric-keys-phpseclib/ – Alex Mar 28 '15 at 19:32
-
@Alex I already use that, but can't be used for large data, it is actually to encrypt the rsa keys only – adnan kamili Mar 28 '15 at 20:27
-
If you're sending the keys for use, consider key-exchange algorithms. If you're doing it for storage, you should still use asymmetric encryption to send the data and ship your application with the server's public key and then send everything on a secure SSL / TLS line. If you click the link I provided, you can see that there is a way RSA could be used to encrypt an unknown amount of data. – Alex Mar 28 '15 at 22:33