2

I'm encrypting some file with AES-256-CBC, and I'm planning to store the cipher text in a json file, with something like:

{
    "data": "0123456789ABCDEF...",
    "salt": "00123ABCAABBCCDD...",
    "iv": "000111ABCCBBCCDDFD..."
}

Then, when I read the file again, I deserialized the data, and then I use the salt to rederive the key, and the iv to decrypt the file. Is this way of storage recommended/secure?

Please note that the data is not huge. It's barely some text, which is why I don't care if serialization increased the size of the data.

Why am I not just concatenating them in byte form? Because I want to have backward compatibility in the future by adding more meta data in the json file, like version, etc.

Why am I not writing the data in json as bytes? Because I can't garantee that the cipher text will not have ascii characters that may break my json file, like ", for example.

The Quantum Physicist
  • 1,049
  • 1
  • 8
  • 10

1 Answers1

2

Assuming you don't care about efficiency, then the only real issue is that you are using CBC mode which is unauthenticated. There is no cryptographic issue with storing values which are not meant to be kept secret in any arbitrary encoding, whether hex, or base64, or uuencode. In fact, the new LUKS2 format for disk encryption does exactly this, storing encryption-related data in JSON.

You should probably use base64 though, because hex is unnecessarily inefficient.

forest
  • 66,706
  • 20
  • 212
  • 270
  • Thank you for the authenticity hint. I'll be studying that. About hex vs base64, it's really not worth it. Hex is much easier to debug as every two chars is one byte. Efficiency is not really an issue here. We're talking about data that's never over a MB in size. – The Quantum Physicist Apr 22 '18 at 10:35
  • 1
    Just a nitpick, but authenticity and authentication are different in cryptography. – forest Apr 22 '18 at 10:41
  • I'm confused. The link you provided discusses athentication as the ability to verify that the data wasn't tampered with. Quoting: "Data authenticity (integrity) means that an authorized party (receiver), who possesses K, can check if the received data D is genuine". I'm confused becuase you provided the link as an explanation for authenticated encryption, and it talks about authenticity, and you say they're difference. I'd appreciate an explanation. – The Quantum Physicist Apr 22 '18 at 10:54
  • @TheQuantumPhysicist https://security.stackexchange.com/a/93324/165253. It seems like crypto terminology uses authenticated encryption (AE) to mean encryption which provides authenticity, oddly enough. In that sense, you get authenticity when integrity and authentication are joined together. If you prefer, authenticity is authentication applied to a piece of data through integrity. – forest Apr 22 '18 at 10:59