[botan-devel] Question about exceptions
smurphy at walbro.com
Fri Nov 7 11:17:18 EST 2014
> > What I'm finding is that if I take some original text, and run it
> > through encrypt() that seems to work fine, I get what appears to be an
> > encrypted string back. If I decrypt() that new string, I get my
> > original text back so long as encryptKey in encrypt() matches
> > decryptKey in decrypt(). So far so good, I'm getting back what I
> > expect when I use the same key. But if decryptKey doesn't match
> > encryptKey, the call to pipe.process_msg() in decrypt() throws a
> > Decoding_Error exception with the text "PKCS7". I had expected that
> > if the keys didn't match, I would just get garbage back, not a thrown
> > exception. So am I doing something wrong? Or am I just
> > misunderstanding something?
> For certain modes (like counter) you would indeed just get some garbled
> data back. However CBC specifically requires a padding mode of some kind
> (because CBC can only process full blocks, so with AES 16 bytes at a time).
> These padding modes have a specific defined format that is checked on
> decryption, when you decrypt with the wrong key obviously that format will
> most of the time not be met and you get an exception. This is not foolproof,
> though: if it turned out that decrypting the last block yielded a single byte with
> value 1 as the last value, this would be silently accepted and for the last block
> you'd get 15 (16-1) garbled bytes.
> Keep in mind for something like this that you'll also need a good
> authentication code with your messages. As (rather unintuitively) it turns out
> that if you don't, and an attacker can send you messages and figure out
> which messages have invalid padding (via error messages or timing of
> responses or a cache-based side channel attack) they can often decrypt
> arbitrary messages. Google "padding oracle attacks" for more on that.
Thanks for the advice. Is there a good list of the pros and cons of the different modes? I think for our application, I'd prefer to choose a cipher/mode that just happily returns garbage back for wrong passwords, instead of throwing exceptions.
We're just trying to lightly shield a text config file from casual prying. If someone really wants to spend time cracking our config file, we're kind of Ok with that, but we're just trying to put a little hurdle in the way.
Also, is there a good discussion anywhere of:
- all the ciphers offered by Botan
- how to properly use each one? I've found a few examples here and there, but I'm so new to cryptography that I'm definitely out of my element at the moment!
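An added illustration of the two points raised in the reply above (this is not code from the thread and not Botan's API; it uses only the Python standard library so it runs anywhere). It models the output of CBC decryption under a wrong key as uniformly random bytes, which is an assumption that holds for any good block cipher, and so needs no AES implementation. It shows (1) the strict PKCS#7 check a CBC decryptor performs and the roughly 1/256 chance that garbage passes it with a single trailing 0x01 byte, exactly the "15 garbled bytes" case; and (2) an encrypt-then-MAC wrapper (HMAC-SHA256 over the ciphertext, an assumed construction, not something the thread prescribes) that rejects a wrong-key or tampered message before any padding is examined, so there is no padding oracle to query.

```python
"""Why a wrong CBC key usually raises a padding error instead of
returning garbage, and why a MAC is needed regardless.

Added example, not code from the mailing-list thread or from Botan.
Assumption: under a wrong key the decrypted final block is
indistinguishable from random bytes, so it is modelled with a seeded
PRNG instead of running a real block cipher."""
import hashlib
import hmac
import random

BLOCK = 16


def pkcs7_unpad(data, block_size=BLOCK):
    """Strict PKCS#7 check as a CBC decryptor performs it.

    Returns (True, plaintext) when the padding is well formed and
    (False, None) otherwise.  A Botan-style decryptor would throw
    Decoding_Error("PKCS7") in the False case."""
    if not data or len(data) % block_size:
        return False, None
    n = data[-1]
    if n < 1 or n > block_size:
        return False, None
    if data[-n:] != bytes([n]) * n:
        return False, None
    return True, data[:-n]


def false_accept_rate(trials, seed=1):
    """Fraction of random (wrong-key) final blocks that pass the check.

    Expected value is 1/256 + 1/256**2 + ... which is about 0.0039.
    Nearly every accept is the single-0x01 case: the check strips one
    byte and hands back the other 15 garbled bytes as 'plaintext'."""
    rng = random.Random(seed)
    accepted = 0
    for _ in range(trials):
        block = bytes(rng.getrandbits(8) for _ in range(BLOCK))
        ok, _plaintext = pkcs7_unpad(block)
        accepted += ok
    return accepted / trials


# Encrypt-then-MAC: authenticate before any padding is examined.
# Assumed construction (not Botan's API): tag = HMAC-SHA256(mac_key, ciphertext).
TAG_LEN = 32


def seal(mac_key, ciphertext):
    """Append an HMAC-SHA256 tag over the ciphertext."""
    tag = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    return ciphertext + tag


def open_sealed(mac_key, blob):
    """Return the ciphertext if the tag verifies, else None.

    The tag is checked first, with a constant-time compare, so a forged
    or wrong-key message is rejected before padding is ever inspected and
    the attacker learns nothing about the padding of chosen ciphertexts."""
    if len(blob) < TAG_LEN:
        return None
    ciphertext, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return ciphertext


if __name__ == "__main__":
    print("valid padding            :", pkcs7_unpad(b"hello" + b"\x0b" * 11))
    print("bad padding              :", pkcs7_unpad(b"\x00" * 15 + b"\x10"))
    print("silently accepted garbage:", pkcs7_unpad(bytes(range(15)) + b"\x01"))
    print("false-accept rate        :", false_accept_rate(50000))
    blob = seal(b"right-key", b"constructed ciphertext")
    flipped = blob[:-1] + bytes([blob[-1] ^ 1])
    print("tampered message         :", open_sealed(b"right-key", flipped))
    print("wrong MAC key            :", open_sealed(b"wrong-key", blob))
```

The false-accept rate is the reason "returns garbage for a wrong key" and "rejects a wrong key" are both the wrong goal: a format check is neither reliable detection nor silence, whereas a MAC gives a definite accept/reject decision that does not depend on the plaintext format at all.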