MatrixAI / js-encryptedfs

Encrypted Filesystem for TypeScript/JavaScript Applications
https://polykey.com
Apache License 2.0

feeding associated data in GCM cipher mode #5

Closed MeanMangosteen closed 5 years ago

MeanMangosteen commented 5 years ago

https://github.com/MatrixAI/js-polykey/issues/14#issuecomment-457084648

The 'with associated data (AD)' part means that you can feed additional data into the algorithm to tie the ciphertext to some context. This is so attempts to "cut-and-paste" a valid ciphertext into a different context are detected and rejected.

Most commonly, the AD would be the header of an encrypted network packet, but in our case the AD could be the filename and/or metadata, which would bind it to its ciphered file data.

We have to decide what sort of data would be most appropriate to use as AD, or whether to use AD at all. It is optional.

CMCDragonkai commented 5 years ago

What is the AD used for here? Provide further integrity?

MeanMangosteen commented 5 years ago

From what I understand, it is to provide integrity to information that is not part of the ciphertext but still bound to the ciphertext. This would be plaintext stuff like salts, IVs, version numbers, config params in the header, etc.

If an attacker were to manipulate them, the system will not be ignorant of the changes, as it will not be able to authenticate the manipulated data.

CMCDragonkai commented 5 years ago

What are we using this for? #11 or #8?

CMCDragonkai commented 5 years ago

So to conclude, the AD is useful for maintaining the integrity of chunk-level metadata. However, #11 and #8 are about file-level metadata, where we are going to maintain both the plaintext metadata and encrypted-fs metadata. So this is not needed right now. When we have relevant chunk-level metadata, we can revisit this.