Do I have to randomize key in OpenSSL


I would like to use AES_256_GCM in my software. The OpenSSL wiki page gives me an example: wiki page.
It shows that only function EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv) uses key.
My key is SHA3_256 hash of a password (Qt implementation of SHA3_256).
I would like to know if I have to use PKCS#5 to randomize the key or the function takes care of that.


There is 1 answer

jww

> My key is SHA3_256 hash of a password (Qt implementation of SHA3_256).

You should probably digest the password into a key with OpenSSL's PKCS5_PBKDF2_HMAC_SHA1. See How to use PKCS5_PBKDF2_HMAC_SHA1().


> It shows that only function EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv) uses key.... I would like to know if I have to use PKCS#5 to randomize the key or the function takes care of that.

Each encryption of a string or file should get its own random IV. IVs cannot repeat. Your other option is to use a random key for each string or file.

The output of the encrypt operation is the {IV,CipherText} pair.


AES_256_GCM is a good choice. One of the few ways it could get better is with an Integrated Encryption Scheme. You might take a look at openssl-pkey-ec-ies on GitHub. Crypto++ and BouncyCastle also have Elliptic Curve Integrated Encryption Scheme implementations, so you have other choices.

Be sure to test interop. They interop, but it takes some knob turning. The problem with interop is there are so many standards providing it, and each is slightly non-interoperable.

To give you an idea of the nuances, ECIES calls out that a particular variable gets hashed (it's the length of a given string of data). One standard represents the variable in 4 octets, another in 8 octets. That's the only difference and causes interop issues if you are not aware.
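The password-to-key step and the per-message random values discussed in the answer above, as an added example that is not part of the original answer or of OpenSSL. It uses Python's standard library; `hashlib.pbkdf2_hmac("sha1", ...)` is the same construction as `PKCS5_PBKDF2_HMAC_SHA1`, the AES-256-GCM call itself is left out, and the header layout, field lengths, iteration count and function names are assumptions made for illustration.

```python
import hashlib
import os
import struct

SALT_LEN, IV_LEN, KEY_LEN = 16, 12, 32   # assumed sizes; 12-byte IV is usual for GCM
ITERATIONS = 200_000                      # assumed work factor; tune for your hardware
HEADER = struct.Struct(f">I{SALT_LEN}s{IV_LEN}s")  # assumed layout: iterations|salt|IV


def bare_hash_key(password: str) -> bytes:
    """The question's approach: one unsalted SHA3-256 of the password."""
    return hashlib.sha3_256(password.encode()).digest()


def derive_key(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """PBKDF2-HMAC-SHA1 stretched to a 256-bit AES key."""
    return hashlib.pbkdf2_hmac("sha1", password.encode(), salt, iterations, KEY_LEN)


def new_message_params(password: str):
    """Fresh random salt and IV for one string or file.

    Returns (key, iv, header). The header is stored in the clear in front of
    the ciphertext and tag so the receiver can re-derive the key.
    """
    salt, iv = os.urandom(SALT_LEN), os.urandom(IV_LEN)
    key = derive_key(password, salt)
    return key, iv, HEADER.pack(ITERATIONS, salt, iv)


def params_from_header(password: str, blob: bytes):
    """Recover (key, iv, remainder) from a stored header plus trailing data."""
    if len(blob) < HEADER.size:
        raise ValueError("truncated header")
    iterations, salt, iv = HEADER.unpack_from(blob)
    # The header is attacker-controlled input: bound the work it can request.
    if not 10_000 <= iterations <= 10_000_000:
        raise ValueError("implausible iteration count")
    return derive_key(password, salt, iterations), iv, blob[HEADER.size:]
```

When encrypting, pass the header to GCM as additional authenticated data so that a modified salt, IV or iteration count makes tag verification fail.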