[Cryptography] How should we encrypt external mail attachments
John-Mark Gurney
jmg at funkthat.com
Tue Aug 3 17:48:47 EDT 2021
John Levine wrote this message on Mon, Aug 02, 2021 at 22:04 -0400:
> It appears that Michael Kjörling <michael at kjorling.se> said:
> >> My question is what algorithms to use? The file can be anything up to
> >> several gigabytes so they should be reasonably fast. It's OK if the hash
> >> and key are fairly large, since a few hundred or even a few thousand
> >> bytes in a mail message is not a big deal these days.
> >
> >Considering that e-mail itself is unauthenticated to begin with,
>
> These days most mail has DKIM signatures, which are sufficient to
> detect tampering between sender and recipient. Again, no reason to
> reinvent it. If you really want to make it more strongly authenticated
> we all know where to find PGP and S/MIME.
>
> >body, is there any particular reason not to go with the simple
> >solution of just about any cryptographic hash?
>
> Like I eaid, I wanted to see if I was missing somehing. Sounds like SHA-256 would be fine.
> For encryption, I guess AES CBC, so what IV should I use?
AES CBC is slow to encrypt due to it's data dependency.
I'd recommend something else, like AES-GCM-SIV:
https://www.rfc-editor.org/rfc/rfc8452.html
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
More information about the cryptography
mailing list