ietf-openpgp
[Top] [All Lists]

Re: [openpgp] [Cfrg] streamable AEAD construct for stored data?

2016-02-10 15:53:10
Hi,

To be clear, there are two separate use-cases, each of which make
sense without the other and require different technical solutions (but
could also make sense together):

1. Streaming-mode integrity protection:

[...]

To achieve goal #1 properly, it appears that what we need is not only
a MAC per chunk but a signature per chunk.

Different ideas:

 1. asymmetrically encrypt and sign the MAC key, make this a new packet
    type to be prepended to the symmetrically encrypted data
 2. derive the MAC key from the symmetric encryption key, sign it (but
    do not store it) and make this a new packet type to be prepended
    (thus saving the asymmetric encryption from #1)
 3. use an authenticating sym cipher mode with intermediate
    authentication tags, with the symmetric key asymmetrically signed
    (like #2)


4. What are reasonable upper- and lower-bounds for chunk sizes, and
what are the considerations behind them? 

... or put differently in light of idea #3: at what intervals would
authentication tags ideally be generated?


Best regards,

Nils

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp

<Prev in Thread] Current Thread [Next in Thread>