I am encrypting text files using AES256 (no particular reason, that can easily be changed)
Question
I am encrypting text files using AES256 (no particular reason, that can easily be changed). Before granting access to a file, I need to verify if a party knows the correct key, but without necessarily having direct access to the system's keyring (for instance, a file could be moved between different machines).
I thought of doing the following: before encryption I write the key on the first line of the file. Upon decryption I compare the key that is supplied by a user with the first line of the file decrypted using that same key. If they match it means that the user is authorized and I return the file minus the first line.
This can only be less safe than not including the key! But by how much?
Explanation / Answer
If you have a good encryption algorithm, it shouldn't matter that you include the encryption key. However, rather than storing the password itself, you had better store a salted hash. Or just a truncated version of it (the basis being that a user error is unlikely to mistype one of the very few colliding passwords, while a brute-force attack would not be able to use it for knowing for sure that it got the right password).
But we should also take into account that we additionally want the file not to be modified. So we can just include a hash of the file, and if it is there and matches what you decrypted, he knows the password. GCM, as suggested by Stephen, is also an alternative to including a hash.