Is the keyfile that is generated encrypted?

Discussion related to AES Crypt, the file encryption software for Windows, Linux, Mac, and Java.
Post Reply
multibobwork
Posts: 9
Joined: Fri Mar 28, 2014 1:12 am

Is the keyfile that is generated encrypted?

Post by multibobwork » Thu Oct 15, 2015 1:36 pm

Hi,

I see the keyfile format and it says part of it is encrypted. What is encrypted and what is not encrypted? So for AES a key, IV, key size, IV size, block mode is needed. I assume all of these are in the generated keyfile using genkey. Please send details. I am trying to figure out if these fields are in clear text.

Regards,

- Bob

User avatar
paulej
Posts: 524
Joined: Sun Aug 23, 2009 7:32 pm
Location: Research Triangle Park, NC, USA
Contact:

Re: Is the keyfile that is generated encrypted?

Post by paulej » Thu Oct 15, 2015 3:57 pm

The utility called aescrypt_keygen only writes out a random string of characters in UTF-16LE format. There's no more structure to it. Basically, it's the same as a password, but one that would generally be more random and longer than a user-entred password.

The IV used to encrypt the file is in the file, not in the key. Every .aes file has a unique IV. The file is encrypted in only one mode: AES CBC using a 256 bit key. That's all kaid out in the file format documented on the aescrypt.com site.

multibobwork
Posts: 9
Joined: Fri Mar 28, 2014 1:12 am

Re: Is the keyfile that is generated encrypted?

Post by multibobwork » Thu Oct 15, 2015 4:04 pm

Hi,

Thanks for the reply so where is the AES key that is used with the IV. Is it embedded in the API?

Regards,

- Bob

User avatar
paulej
Posts: 524
Joined: Sun Aug 23, 2009 7:32 pm
Location: Research Triangle Park, NC, USA
Contact:

Re: Is the keyfile that is generated encrypted?

Post by paulej » Fri Oct 16, 2015 12:13 am

Iv don't fully understand your question. The IV is inside the .aes file. See the published file format.

multibobwork
Posts: 9
Joined: Fri Mar 28, 2014 1:12 am

Re: Is the keyfile that is generated encrypted?

Post by multibobwork » Fri Oct 16, 2015 12:33 pm

Hi,

Sorry I did not understand the API. You use PBE as password to generate the key which could be 128 bit or 256bit. The keygen utility generates a random password string which like a regular password is used to creates the key string. You store the IV and other AES parameters in the output AES file with the encrypted file contents. The Java API is hardcoded using a 256 bit key when encrypting and decrypting. I am not sure if the other APIs if you have the option of setting the key length. Is this correct?

Regards,

- Bob

User avatar
paulej
Posts: 524
Joined: Sun Aug 23, 2009 7:32 pm
Location: Research Triangle Park, NC, USA
Contact:

Re: Is the keyfile that is generated encrypted?

Post by paulej » Fri Oct 16, 2015 10:11 pm

Keys used in AES Crypt are always 256-bit.

They keygen utility, as you rightfully point out, does not generate encryption keys. Rather, it generates passwords that are hashed using sha256 to create that 256-bit key for AES. The hash is executed 8192 times, just to try to make it as random as possible, and certainly a long way from any potential revrse engineering on sha256 if known attacks ever surface.

I chose this option, because it makes it convenient for users. They can open those key files in notepad on Windows and copy/paste the password into the dialog box when trying to encrypt or decrypt.

Post Reply