[Cryptography] How should we encrypt external mail attachments
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Tue Aug 3 02:41:56 EDT 2021
John Levine <johnl at iecc.com> writes:
>Sounds like SHA-256 would be fine. For encryption, I guess AES CBC, so what
>IV should I use?
Just use HKDF to generate all the crypto material you need.  So the email
embeds a fixed-length secret value and then:

  AES-key = HKDF( secret, "encryption" );
  SHA-key = HKDF( secret, "authentication" );
  IV = HKDF( secret, "IV" );

This means you can later switch algorithms and modes if required without
having to mess with the details of key sizes and cryptovariable types.

Peter.
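
The derivation described in the message above, as an added example that is not part of the original post: HKDF (RFC 5869) built from the Python standard library, with one label per cryptovariable. The SUITES table, the derive_material name, the empty salt, HMAC-SHA-256 as the HKDF hash and the 16-byte minimum secret length are assumptions made for this illustration.

```python
import hashlib
import hmac

def hkdf_extract(salt: bytes, ikm: bytes, hash_name: str = "sha256") -> bytes:
    """RFC 5869 step 1: condense the input secret into a pseudorandom key."""
    if not salt:  # RFC 5869: an absent salt is a string of HashLen zero bytes
        salt = bytes(hashlib.new(hash_name).digest_size)
    return hmac.new(salt, ikm, hash_name).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int, hash_name: str = "sha256") -> bytes:
    """RFC 5869 step 2: stretch the PRK into `length` bytes bound to `info`."""
    hash_len = hashlib.new(hash_name).digest_size
    if length > 255 * hash_len:
        raise ValueError("requested output too long for HKDF")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hash_name).digest()
        okm += block
        counter += 1
    return okm[:length]

# Hypothetical suite table (an assumption of this example): changing algorithm
# or mode only changes the lengths requested; the embedded secret keeps its
# fixed size. Labels are the three strings used in the message.
SUITES = {
    "aes128-cbc-hmac-sha256": {"encryption": 16, "authentication": 32, "IV": 16},
    "aes256-cbc-hmac-sha256": {"encryption": 32, "authentication": 32, "IV": 16},
}

def derive_material(secret: bytes, suite: str) -> dict:
    """Derive the AES key, HMAC key and IV from the one embedded secret."""
    if len(secret) < 16:  # assumed minimum; the post only says "fixed-length"
        raise ValueError("secret too short")
    prk = hkdf_extract(b"", secret)
    return {label: hkdf_expand(prk, label.encode(), n)
            for label, n in SUITES[suite].items()}

if __name__ == "__main__":
    secret = bytes(range(32))  # constructed sample; a real secret is random
    for name, value in derive_material(secret, "aes256-cbc-hmac-sha256").items():
        print(name, value.hex())
```

Because the key and the IV are both deterministic functions of the secret, the secret has to be freshly generated for every message; reusing it reuses the same key/IV pair.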