I am working on a messaging system and plan to use ElGamal asymmetric encryption to protect the message contents during storage and transmission. (This would be in addition to TLS used during transmission.) What I want to know is if there are any inherent weaknesses in the ElGamal algorithm that I should be aware of or guidelines to the key bit size.
Assumptions:
- Messages will be short, so performance is less of a concern.
- Keys (and the associated user accounts) are disposable (short lived).
- Message retention will be minimized (days, not weeks or months).
- Messaging will be asynchronous as users are not expected to be online at the same time. (This is the main reason that I have ruled out the typical D-H key exchange to generate a shared, symmetric key.)
- Private keys will never leave the client device.
- Public keys will be stored in a database with the anonymous user account consisting of a username and hashed password.
- Using libgcrpt.
Aucun commentaire:
Enregistrer un commentaire