I have a server which encrypts files with the same AES key. Users can upload a file and download its encrypted version. A user can upload as many files as he wants. Users can decrypt the documents via the server after a D date. A user may see another user's encrypted document, but it would be a disaster if he could decrypt it before the D date!

I've read in another Stack Overflow post that using the same initialization vector can make a chosen-plaintext attack easy. So I want to generate a different initialization vector for every uploaded file. Is there a standard secure way to add this IV to the encrypted document?

My first idea is that I encrypt it with a different AES key and simply concatenate it to the encrypted byte array. But I'd rather use a more standard solution for this problem.

Maarten Bodewes
user1552545

2 Answers

TL;DR: AES is safe against plain-text attacks.

If:

  • you do not reuse your IV
  • your IVs are random
  • you use a correct mode of operation (not ECB...)

Then you are safe against such attacks (you need at least these 3 conditions to be met).

On a side note, the IV can be public; that is not a problem.

Worth reading:

Biv

If you look at pretty much any of the many file encryption tools, they usually use a hybrid system such as:

  1. Generate a new random key, $k$.
  2. Encrypt $k$ using some public key $p$: $w = Asymm_p(k)$
  3. Encrypt the message, $m$, using $k$ and a symmetric algorithm: $c = E_k(m)$.
  4. Throw away $k$ and $m$. Publish/send $c$ and perhaps $w$ depending on the situation.

This doesn't provide much, but it should provide confidentiality. When the date arrives the holder of the private key can decrypt $w$ and publish $k$.

Thomas M. DuBuisson