> From: owner-openssl-us...@openssl.org On Behalf Of Nico Flink
> Sent: Monday, 05 December, 2011 06:31
> To avoid the padding problem I tried the AES OFB and CFB
> streaming modes. Indeed this solves the padding problem. But
> if I understand the concept of stream ciphers correctly every
> bit is en/decrypted with a bit from the key stream. It seems
> to me that because of that one always has to start decrypting
> the file from the beginning to the end, without the
> possibility to jump into the file at some desired point. Is
> that correct?

Yes, and also for CBC, which is a block mode. Unless of course you know or decide at encryption time what your decryption chunks will or can be, and do separate encryption chunks to correspond.

> What I want to achieve is that I have one large encrypted
> file from which I can extract smaller chunks of decrypted
> data at several positions of the file without having to
> decrypt the whole file. Is this possible at all and do you
> have a suggestion what would be the best way to achieve this?

CTR (counter) mode definitely can do that. Basically it just uses enc(key,N+0) XOR data block 0, enc(key,N+1) XOR data block 1, etc.

Never use the same key AND counter range for different files. Either use different keys, or start each file at a counter that is guaranteed different. E.g. if you have a thousand files each of which will never exceed 1TB, you could use 0x100000, 0x100001 etc. for file 1, 0x200000 etc. for file 2, etc. If you have different versions of the same file encrypted (at different times), you may need to give them different counter ranges (and thus update your mapping of file to initial counter), depending on what an adversary might be able to guess about the way(s) your files change.

Over the past several years NIST has run an open process to develop new modes (much as it did for AES and is doing for SHA-3). See http://csrc.nist.gov/groups/ST/toolkit/BCM/index.html especially Modes Development. Some of these might be suitable for random access like you ask for, but I don't know. I'm not sure how well they have been analyzed and which, if any, are or will become standards, but (except for GCM) they definitely haven't been adopted by TLS or implemented in OpenSSL, so you'd have to implement them yourself. (For existing modes, you can get Special Pubs 800-38* from the top level of that same website while you're there.)

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
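The CTR construction the reply describes (keystream block i = enc(key, N+i), XORed onto data block i, so any offset can be reached by computing its counter directly), worked through as an added example. This is illustration code written for this page, not code from the thread or from OpenSSL; it uses Go's standard-library AES rather than libcrypto, but the arithmetic is the same one OpenSSL's AES CTR routines perform. The 64/64 split of the counter block into a per-file ID (high half) and a block index (low half), the 16-byte key, the file IDs 7 and 8 and the sample text are all the example's own assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

// CounterBlock builds the 128-bit counter block for keystream block blockIdx
// of the file identified by fileID. The layout is this example's own
// convention, not an OpenSSL one: high 64 bits = file ID, low 64 bits =
// block index. Files with different IDs can never share a (key, counter)
// pair, however large they grow.
func CounterBlock(fileID, blockIdx uint64) []byte {
	ctr := make([]byte, aes.BlockSize)
	binary.BigEndian.PutUint64(ctr[:8], fileID)
	binary.BigEndian.PutUint64(ctr[8:], blockIdx)
	return ctr
}

// ctrXOR XORs buf with the keystream that starts at absolute byte offset off
// of the file. Keystream block i is enc(key, counter(i)), so any offset is
// reached directly: block index off/16, then skip off%16 bytes into it.
// The same operation encrypts and decrypts.
func ctrXOR(blk cipher.Block, fileID, off uint64, buf []byte) {
	blockIdx := off / aes.BlockSize
	skip := int(off % aes.BlockSize)
	ks := make([]byte, aes.BlockSize)
	for i := 0; i < len(buf); {
		blk.Encrypt(ks, CounterBlock(fileID, blockIdx))
		for ; skip < aes.BlockSize && i < len(buf); skip++ {
			buf[i] ^= ks[skip]
			i++
		}
		skip = 0
		blockIdx++
	}
}

// EncryptFile encrypts a whole plaintext sequentially under (key, fileID).
// No padding: the ciphertext is exactly as long as the plaintext.
func EncryptFile(key []byte, fileID uint64, plaintext []byte) ([]byte, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := append([]byte(nil), plaintext...)
	ctrXOR(blk, fileID, 0, out)
	return out, nil
}

// DecryptRange recovers plaintext bytes [off, off+n) of the file from the
// ciphertext alone, without touching anything before off.
func DecryptRange(key []byte, fileID uint64, ciphertext []byte, off, n uint64) ([]byte, error) {
	if off+n < off || off+n > uint64(len(ciphertext)) {
		return nil, errors.New("requested range is outside the ciphertext")
	}
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := append([]byte(nil), ciphertext[off:off+n]...)
	ctrXOR(blk, fileID, off, out)
	return out, nil
}

// KeystreamReuseLeaks shows why one (key, counter range) must never cover two
// files: with the same fileID the keystreams are identical, so on the overlap
// c1 XOR c2 == p1 XOR p2 and the key has dropped out entirely.
func KeystreamReuseLeaks(key []byte, fileID uint64, p1, p2 []byte) (bool, error) {
	c1, err := EncryptFile(key, fileID, p1)
	if err != nil {
		return false, err
	}
	c2, err := EncryptFile(key, fileID, p2)
	if err != nil {
		return false, err
	}
	n := len(p1)
	if len(p2) < n {
		n = len(p2)
	}
	for i := 0; i < n; i++ {
		if c1[i]^c2[i] != p1[i]^p2[i] {
			return false, nil
		}
	}
	return true, nil
}

func main() {
	key := []byte("0123456789abcdef") // constructed demo key; a real key comes from a CSPRNG
	pt := []byte("The quick brown fox jumps over the lazy dog. CTR mode lets you seek.") // constructed sample
	ct, err := EncryptFile(key, 7, pt)
	if err != nil {
		panic(err)
	}
	chunk, err := DecryptRange(key, 7, ct, 20, 11) // read 11 bytes starting mid-block, no prefix decrypted
	if err != nil {
		panic(err)
	}
	fmt.Printf("bytes 20..30 of file 7: %q\n", chunk)
	leak, _ := KeystreamReuseLeaks(key, 7, pt, []byte("A second file under the same key and counter range"))
	fmt.Println("reusing (key, counter range) across files leaks p1 XOR p2:", leak)
}
```

Two points the code makes concrete. First, putting the file identifier in the high half of the counter means the per-file ranges cannot collide no matter how large a file becomes, which is the property the reply's "guaranteed different" starting counters are meant to provide; with a plain 128-bit counter as in crypto/cipher or OpenSSL, the sequential output of EncryptFile is byte-for-byte what cipher.NewCTR produces with CounterBlock(fileID, 0) as the IV. Second, CTR gives confidentiality only: flipping a ciphertext bit flips the same plaintext bit, so a random-access design still needs a MAC over the chunks it reads (or an authenticated mode such as the GCM the reply mentions, applied per chunk) before trusting what it decrypted.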