Score:1

What is the best way to save ChaCha20 Nonce in Cipher-Image BMP file?

in flag

I have a question about ChaCha20. As far as I know ChaCha20 is a cipher algorithm that uses 4 inputs:

  1. Key (secret)
  2. Constant (not secret)
  3. Block Number/Counter (keystream block number)
  4. Nonce (random number per encryption/key & considered non-secret)

My question is how do I store a 12-byte (96-bit) ChaCha20 Nonce on a Cipher-Image/CipherText, specifically a BMP file?

illustration

I want to do this so that the Cipher-Image can be decrypted by other users using the same key & nonce when the Plaint-Image was encrypted before.

I know that BMP has a dedicated header space of approximately 54-bytes and thought to put Nonce in it. But I doubt if this won't interfere with the header file information already in the Plaint-Image.

I'm also thinking of putting a 12-byte Nonce at the end of the file, but I doubt whether the file will still be read by the image viewer application (cmiiw).

What is the most appropriate solution for this problem?

Paul Uszak avatar
cn flag
Putting nonce at the end works with standard Ubuntu viewers :-) Or perhaps you could append to the filename in hex?
Paul Uszak avatar
cn flag
You may still face the issue of authentication if you (kinda) roll your own crypto...
Paul Uszak avatar
cn flag
Is there any particular reason the cipher text has to be a valid `.bmp`? You can always use a cleverer viewer like `ImageMagick` or `GIMP` to load the ciphertext as raw pixel values. All cipher text kinda looks the same, anyway. Important bonus of doing it my way: you can use standard encryption libraries that you can be certain of working securely, and the authentication issue is resolved.
akez avatar
in flag
@Paul Uszak. Thank you for your advice. Actually I just want if the BMP file can be opened by the built-in image viewer which is widely used, like in Windows 7 & 10. (Considering the number of users).
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.