encryption, openssl, aes

OpenSSL CCM: encrypt a string, how to save the tag?

I need to write an encrypted text to a file and then subsequently read the file and decrypt the text. I wanted to use authenticated encryption with OpenSSL EVP with CCM, but CCM produces a tag which later must be used to decrypt the text. The question is: how do I store this tag and reuse it across file reads in an isolated PC environment (no internet)?

I'm new to encryption, but appending the tag to the encrypted text before writing to the file and then ignoring the tag bytes when decrypting already kind of smells like a bad approach. Any hints on how to solve this? I cannot ask the user to provide a password before writing/reading the text. The environment is not highly security-sensitive.

Solution

The tag, frankly, is the point of CCM (or GCM). You can:

  • Delay writing to a file until it's calculated, then prepend the tag and nonce (on decrypt: read tag, read nonce, decrypt the rest).
  • Write the nonce, then the ciphertext, then the tag. Recover appropriately.
  • Write the nonce and/or tag to a separate file.
  • Any of the above, but with more structure than concatenation (e.g. a DER SEQUENCE).

If you're using CCM or GCM you MUST use a different nonce every time you use the same key. Failure to do so can lead to key compromise. (And there's no "well, I know that, but it doesn't matter in this case..." because today's intentionally sloppy code is tomorrow's multi-million dollar bug once it gets copied (as a reference example) to another location.)

It is quite common to have nonce, ciphertext, and tag (and "additional data") transmitted in the same message, such as in TLS and IPsec.