For AES-based encryption on TCP/IP connections, I am guessing I have to do the following:
Have the 2 parties share a common key, assuming I am doing AES-128 then a sequence of 16 bytes. Ideally the bits are securely random.
Since we are running AES in CTR mode and the secret key is fixed, we must choose a securely random IV for each stream instance. Since a TCP/IP connection is actually full-duplex I assume I need 2 IVs per connection, one for each direction. I also need to transmit each IV to the other end in order for the corresponding stream to be decrypted.
My question is, for the IVs, should I be encrypting the IVs with my secret key before sending them over? I was told IVs don't have to be kept secret. Are there any security benefits if I do encrypt them before sending them across?
P.S. You may wonder why I am not using SSL/TLS. Our application does support SSL/TLS, but we also want to support an alternate symmetric encryption mode where connection overhead can be minimized, as clients constantly disconnect and reconnect.
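The scheme described in the question, as an added Go example that is not part of the original post: each direction draws its own random IV and sends it unencrypted in front of the ciphertext, and `xorOfCiphertexts` shows what happens if both directions were to share one (key, IV) pair. All function names and the demo key are hypothetical and constructed for the illustration.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// ctr XORs in with the AES-CTR keystream for (key, iv); the same call encrypts and decrypts.
func ctr(key, iv, in []byte) []byte {
	block, err := aes.NewCipher(key) // a 16-byte key selects AES-128
	if err != nil {
		panic(err) // key is not 16, 24 or 32 bytes
	}
	out := make([]byte, len(in))
	cipher.NewCTR(block, iv).XORKeyStream(out, in)
	return out
}

// seal draws a fresh random IV for one direction and returns IV || ciphertext.
func seal(key, msg []byte) []byte {
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		panic(err)
	}
	return append(iv, ctr(key, iv, msg)...)
}

// open reads the clear IV from the front of the stream and decrypts the rest.
func open(key, wire []byte) ([]byte, error) {
	if len(wire) < aes.BlockSize {
		return nil, fmt.Errorf("stream shorter than one IV")
	}
	return ctr(key, wire[:aes.BlockSize], wire[aes.BlockSize:]), nil
}

// xorOfCiphertexts encrypts two equal-length messages under one reused (key, IV) and XORs the results.
func xorOfCiphertexts(key, iv, c2s, s2c []byte) []byte {
	a, b := ctr(key, iv, c2s), ctr(key, iv, s2c)
	for i := range a {
		a[i] ^= b[i] // identical keystream cancels, leaving c2s[i] ^ s2c[i]
	}
	return a
}

func main() {
	key := []byte("0123456789abcdef") // constructed demo key, not a real secret
	pt, err := open(key, seal(key, []byte("client hello")))
	fmt.Printf("%q %v\n", pt, err)
}
```

AES-CTR by itself does not detect tampering, so a real protocol would pair it with a MAC or use an AEAD mode.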