Solved

file encryption/decryption solution

Posted on 2008-10-12
Last Modified: 2008-10-27
Do you have any suggestions on encrypting data/configuration files ~1-5 MB size (I need to encrypt the files at the server, and the C++ client app running on the user's laptop downloads them via HTTP) and key management? I might be able to get away with one set of keys for all clients. Suitability of symmetric vs asymmetric, how to manage keys, specific implementations you could recommend. Please share if you have any experience.
Question by:ponnen
LVL 33

Expert Comment

by:Dave Howe
ID: 22705558
Well, for files that size you are looking at symmetric - these days there is little reason NOT to use AES in CBC mode, except when the terminal client is very restrictive (certain mobile phones).

However, you are probably best to use a hybrid approach - this is the usual configuration for transporting files, where you in fact send the recipient two things; the first is the file and the second is the key -  which is randomly generated per file, then itself encrypted to the recipient's public key.

That said - you might find it easier and cleaner to just use https and transport the file entirely via that method; that way, the transport level libraries handle the crypto for you, and you need only worry about confirming your server key is correct and leave the rest to automation.
 

Author Comment

by:ponnen
ID: 22709336
Thanks Dave.
I need to keep them encrypted on the client as well, so I am not looking at TLS (performance of transfer is the issue). Could you suggest API/tools to generate AES and could you elaborate on "CBC mode"? Could I use openssl to generate an AES key and use it with the standard Java crypto API? Are there C++/C# APIs to do decryption given the key on the client side? Could anybody point to an example... (is it too much to ask for :)

thanks.
 
LVL 33

Accepted Solution

by:
Dave Howe earned 750 total points
ID: 22709833
Usually, with Java or C# it is recommended you use the much superior Bouncy Castle Java libraries - they are compatible with openssl.

http://www.bouncycastle.org/

There are extensive examples given with the libraries.

CBC mode is one of the standard supported modes for AES - in effect, each block becomes dependent not only on the key but the box preceding it, which hides patterns that might be visible at the block level.

http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation gives a good overview, but tbh it's easier to just read it as "ECB leaks data, CBC doesn't, so use CBC".
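
Added example, not part of the original thread: the hybrid scheme from the first expert comment (random per-file AES-CBC key, wrapped to the recipient's public key), done with the openssl command-line tool the asker mentions. The file names, the sample config contents, the throwaway key pair and the extra HMAC tag over the ciphertext are assumptions of this example.

```shell
#!/bin/sh
# Hybrid file encryption with the openssl CLI (added example, constructed names).
# AES-256-CBC encrypts the file, RSA-OAEP wraps the per-file secrets, and an
# HMAC-SHA256 tag detects modification of the ciphertext (CBC gives no integrity).
set -eu

hmac_hex() {  # $1 = hex MAC key, $2 = file; prints the HMAC-SHA256 as hex
  openssl dgst -sha256 -mac HMAC -macopt "hexkey:$1" < "$2" | awk '{print $NF}'
}

# Server side: encrypt_file <file> <recipient public key PEM>
# Writes <file>.enc (ciphertext), <file>.keys (wrapped secrets), <file>.mac (tag).
encrypt_file() (
  key=$(openssl rand -hex 32)      # fresh random 256-bit AES key for this file
  iv=$(openssl rand -hex 16)       # fresh random IV; never reuse one with the same key
  mackey=$(openssl rand -hex 32)   # separate key for the integrity tag
  openssl enc -aes-256-cbc -K "$key" -iv "$iv" -in "$1" -out "$1.enc"
  hmac_hex "$mackey" "$1.enc" > "$1.mac"
  # Only the private-key holder can recover the three per-file secrets.
  printf '%s %s %s' "$key" "$iv" "$mackey" |
    openssl pkeyutl -encrypt -pubin -inkey "$2" -pkeyopt rsa_padding_mode:oaep -out "$1.keys"
)

# Client side: decrypt_file <file> <private key PEM> <output>
# Exits non-zero, writing no output, if the ciphertext was modified.
decrypt_file() (
  secrets=$(openssl pkeyutl -decrypt -inkey "$2" -pkeyopt rsa_padding_mode:oaep -in "$1.keys")
  set -- "$1" "$3" $secrets        # now $2=output $3=key $4=iv $5=mackey
  [ "$(hmac_hex "$5" "$1.enc")" = "$(cat "$1.mac")" ] || exit 1   # verify before decrypting
  openssl enc -d -aes-256-cbc -K "$3" -iv "$4" -in "$1.enc" -out "$2"
)

# Demo with a constructed key pair and config file in a temp directory.
demo() (
  d=$(mktemp -d); cd "$d"
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out priv.pem 2>/dev/null
  openssl pkey -in priv.pem -pubout -out pub.pem
  printf 'db_host=10.0.0.5\napi_token=constructed-sample\n' > app.conf
  encrypt_file app.conf pub.pem
  decrypt_file app.conf priv.pem out.conf && cmp -s app.conf out.conf && echo "round trip ok"
  printf 'x' >> app.conf.enc       # simulate modification in transit or on disk
  decrypt_file app.conf priv.pem out2.conf || echo "modified file rejected"
  cd / && rm -rf "$d"
)
demo
```

Anyone holding the public key can build a valid bundle, so proving the file came from the server needs a signature on top. The `-K` option also exposes keys in the process list, so a real client would perform these steps through a library API.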
