Task #1875
convert otr_keystore.ofcaes format to AES-256-GCM
Status: | New | Start date: | 09/12/2013
---|---|---|---
Priority: | Normal | Due date: |
Assignee: | - | % Done: | 0%
Category: | - | |
Target version: | 0.4 | |
Component: | | |
Description
It's currently AES-256-CBC, which is less than ideal.
- decrypt example code https://github.com/guardianproject/cacheword/blob/master/cachewordlib/src/info/guardianproject/cacheword/PassphraseSecrets.java
- hash passphrase with salt
- start file with the IV
- SerializedSecrets ss = new SerializedSecrets(salt, iv, encryptedSecretKey); and parse()
History
#1 Updated by hans over 4 years ago
- Target version set to 0.4
#2 Updated by hans about 4 years ago
This pure python lib should make it easier to do this in python without OpenSSL:
https://code.google.com/p/slowaes
But GCM mode is not implemented there, only OFB, CFB, CBC.
#3 Updated by abeluck about 4 years ago
Interesting! We might also want to consider using Keyczar, it's a respected crypto lib by Google that works in Java/Android and python (and C++). It abstracts all the crypto details to a high level.
The alternative is to not use GCM, but a more traditional, but more complicated, authenticated encryption approach like CBC+HMAC-SHA2. It's more complicated simply because you have two crypto primitives to deal with, but given that GCM isn't readily available, it might be the best option.
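
The CBC+HMAC-SHA2 alternative discussed in comment #3, as an added sketch that is not code from this ticket, keysync or CacheWord: it shows the parts that make the two-primitive approach more involved (separate encryption and MAC keys, a tag covering IV, salt and ciphertext, and verification before any decryption). It uses only the Python standard library, so the AES-256-CBC step itself is left to whichever AES library is chosen; the file layout (IV, salt, ciphertext, tag), field sizes, iteration count and function names are assumptions.

```python
import hashlib
import hmac
import os

IV_LEN, SALT_LEN, TAG_LEN = 16, 16, 32   # assumed field sizes
PBKDF2_ROUNDS = 100_000                  # assumed work factor


def derive_keys(passphrase: bytes, salt: bytes):
    """Hash the passphrase with the salt, then derive two independent keys."""
    master = hashlib.pbkdf2_hmac("sha256", passphrase, salt, PBKDF2_ROUNDS)
    enc_key = hmac.new(master, b"enc", hashlib.sha256).digest()  # AES-256 key
    mac_key = hmac.new(master, b"mac", hashlib.sha256).digest()  # HMAC key
    return enc_key, mac_key


def seal(mac_key: bytes, iv: bytes, salt: bytes, ciphertext: bytes) -> bytes:
    """Return iv || salt || ciphertext || tag; the tag covers all three fields."""
    body = iv + salt + ciphertext
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def open_sealed(passphrase: bytes, blob: bytes):
    """Check the tag first; only then hand (enc_key, iv, ciphertext) to AES-CBC."""
    if len(blob) < IV_LEN + SALT_LEN + TAG_LEN:
        raise ValueError("file too short")
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    iv = body[:IV_LEN]
    salt = body[IV_LEN:IV_LEN + SALT_LEN]
    ciphertext = body[IV_LEN + SALT_LEN:]
    enc_key, mac_key = derive_keys(passphrase, salt)
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("authentication failed")
    return enc_key, iv, ciphertext


def demo():
    """Round-trip with constructed data; random bytes stand in for CBC output."""
    iv, salt = os.urandom(IV_LEN), os.urandom(SALT_LEN)
    fake_ciphertext = os.urandom(48)  # constructed placeholder, not real AES output
    enc_key, mac_key = derive_keys(b"correct horse", salt)
    blob = seal(mac_key, iv, salt, fake_ciphertext)
    return blob, (enc_key, iv, fake_ciphertext)


if __name__ == "__main__":
    blob, expected = demo()
    assert open_sealed(b"correct horse", blob) == expected
    print("tag verified, %d-byte file" % len(blob))
```

A wrong passphrase and a modified file fail the same way here, because the MAC key is derived from the passphrase and the stored salt.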