Verify if the key is correct and check the hmac of the payload #45
Labels
Comments
|
Thanks! That would be nice. FYI, key verification has been implemented for some encryption method, e.g., I think key verification may be skipped by default but can be enforced in the strict mode or the like (or otherwise, enabled by default and skipped with the force option.) |
|
Thanks for letting me know! I did not notice it. I only searched the code of agile crypto and found nothing. It looks they are quite similar. (Update: the idea is similar, but of course the implementation differs) My intuition is we check the password and verify the integrity by default. Meantime, we allow the decryption to proceed even if the check fails, which is also the default. I will think about it later. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
and others
I found this repo after I made my own ad-hoc implementation. The code here is well-structured. However, it seems you do not check if the key supplied by the user is correct before decrypting the file. Also, the hmac of the encrypted payload is not verified.
I have implemented them according to the spec. When I have some time, I will submit a pull request with these two features added.
As for Agile, one can verify if the key is correct using "encryptedVerifierHashInput" and "encryptedVerifierHashValue". And verify the hmac of the payload using "encryptedHmacKey" and "encryptedHmacValue". I did not check other cryptos supported by this repo.
The text was updated successfully, but these errors were encountered: