tags:

views:

481

answers:

3
+2  Q: 

How to communicate AES initialization Vector to client for hybrid cryptosystem.

I need to implemented security for client-server communication. I have implemented the following hybrid cryptosystem: http://en.wikipedia.org/wiki/Hybrid%5Fcryptosystem

To encrypt a message addressed to Alice in a hybrid cryptosystem, Bob does the following:

  1. Obtains Alice's public key.
  2. Generates a fresh symmetric key for the data encapsulation scheme.
  3. Encrypts the message under the data encapsulation scheme, using the symmetric key just generated.
  4. Encrypt the symmetric key under the key encapsulation scheme, using Alice's public key.
  5. Send both of these encryptions to Alice.

To decrypt this hybrid ciphertext, Alice does the following:

  1. uses her private key to decrypt the symmetric key contained in the key encapsulation segment.
  2. uses this symmetric key to decrypt the message contained in the data encapsulation segment.

I am using RSA For a public-key cryptosystem, and AES for symmetric-key cryptosystem. Every thing works fine, but I am not sure how to handle AES initialization vector. Currently, I am concatenating the AES key and initialization vector encrypting it with the public key and sending that to server.

I just wanted to get some opinions about this approach. How this problem is solved by other communication protocols SSL etc.

Thanks.

+2  A: 

I've done the same thing, and I handled it the same way - concatenate the AES key with the IV and encrypt them both.

You could also just send the key and use the key itself to generate an IV - for example by using the first 128 bits of a hash of the key as the IV. That should be OK security-wise as long as you are generating a new AES key for each session and not re-using the same AES key over and over with the same IV.

Eric Petroelje  2009-10-08 21:18:03
+1  A: 

There is no reason to encrypt the IV - you can send that in the clear. Just make sure you pick a new one each time (the same way you do the AES key).

That said, it is often convenient to package the AES key and IV together. Encryption of 16 bytes ain't that expensive.

Keith Randall  2009-10-08 21:22:33
+3  A: 
erickson  2009-10-08 21:42:33

related questions

How to implement password protection for individual files?
Encrypting appSettings in web.config
Usefulness of SQL Server "with encryption" statement
How can I use a key blob generated from Win32 CryptoAPI in my .NET application?
CodeReview: Tiny Encryption Algorithm for arbitrary sized data
Simple encryption implementation in C
Which hard disk encryption software to choose?
Passing untampered data from Flash app to server?
How do I prevent replay attacks?
Is there a best .NET algorithm for credit card encryption?
Encrypt data from users in web applications
How to encrypt one message for multiple recipients?
Two-way password encryption without ssl
What's the answer to this Microsoft PDC challenge?
GPG: How does key signing work and how is it done?
Secure Online Highscore Lists for Non-Web Games
Programmatically encrypting a config-file in .NET
How do I use 3des encryption/decryption in Java?
Encryption in C# Web-Services
Suitable alternative to CryptEncrypt
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
C# - CryptographicException: Padding is invalid and cannot be removed
How can I encode xml files to xfdl (base64-gzip)?
How do I add SSL to a .net application that uses httplistener - it will *not* be running on IIS
Encrypting Passwords