Is AES encryption with a custom (non-varying) key secure enough?_问答_开发者

Is AES encryption with a custom (non-varying) key secure enough?

开发者 https://www.devze.com 2023-04-03 07:25 出处：网络

Alright so my question isn\'t as professional as it can be. Basically I want to know, do you think it\'s secure enough to encrypt messages with AES and a custom (but static) key?

Alright so my question isn't as professional as it can be. Basically I want to know, do you think it's secure enough to encrypt messages with AES and a custom (but static) key?

I want them to be decryptable with t开发者_JAVA技巧hat same key but at the same time I don't want anyone who doesn't know the key to get access to them.

I've read that AES is the only government approved encryption method, not sure if its true or not but either way, does not say much.

AES is a secure block cipher algorithm (this is the current opinion of the cryptographic scene), if it is used correctly.

This means, that you should use a secure mode of operation - not ECB mode, and a random initialization vector for each message (this can be sent together with the message).

Of course, being a symmetric cipher, this means that you need to have a secret (and authentic, I guess) way to negotiate the key beforehand.

This is not a good idea if you want to embed the key in a software you are deploying to computers you don't control - use a hybrid scheme with a public-key algorithm in this case, as mentioned by Michael.

The standards that are government approved are all specified by NIST in standard FIPS 140-2. Not sure what you will be encrypting to know how secure you need, but one thing to consider would be implementing a hybrid cryptosystem. You could use something like the Cryptographic Message Syntax (CMS) [RFC 5625] or possibly even OpenPGP [RFC 4880] format.

Essentially these systems generate a random encryption key to use with AES to encrypt your data. Then you would have a public certificate from the recipient that you would use with an algorithm like RSA to encrypt the random key. Then the two encrypted pieces are combined into a single message. The recipient then uses their private key and public certificate to decrypt the AES key, then can decrypt the data.

AES is fine. Use it in CBC mode or CTR mode. ECB mode is insecure.

A static key is insecure; as soon as an attacker discovers it all past and all future data transfers are no longer secure. You need to change the key regularly, ideally a new key for each message.

Michael's suggestion to use RSA/Public Key to transfer the changing key is fine, or alternatively use Diffie Hellman to generate a new key with each recipient as it is needed.

You will find that a lot of this stuff is already built into crypto libraries; your general problem is not a new one.