Random-access file encryption

Frank O'Dwyer (fod@brd.ie)
Wed, 16 Dec 1998 12:04:34 +0000

• Next message: John Young: "Skipjack KEA Errata"
• Previous message: Mok-Kong Shen: "Re: WEAK3-EX -- A Layman's 56-bit Data Encryption Algorithm"

I'm looking for a good technique for encrypting & integrity protecting
files so that they can still be randomly accessed and updated. I'm
familiar with Matt Blaze's approach to this in CFS, but presumably there
are others. I'd also be interested in any comments on the following
approach:

Assume there is some master key Km for the file, then:

(1) split the file up into fixed size blocks (say 1K).

(2) To protect a block, compute Kbp=SHA1(1,Km,BN) and Kbi=SHA1(2,Km,BN),
where BN is the position of the block in the file. Use Kbp as an
encryption key and Kbi as a MAC key. Compute a MAC over the cleartext
concatenated with BN, then using a random IV encrypt the cleartext and
the resulting MAC, store that and the IV in the file.

(3) To read back a block, compute the keys as before, decrypt then
verify the MAC. Reject blocks whose MAC doesn't verify.

Cheers,
Frank O'Dwyer.

• Next message: John Young: "Skipjack KEA Errata"
• Previous message: Mok-Kong Shen: "Re: WEAK3-EX -- A Layman's 56-bit Data Encryption Algorithm"