Score:3

Encrypt/Cipher and Decrypt/Decipher a string with a secret


In developing an app I have a simple use case where I want to encrypt/cipher a string (it could also be a couple of bytes because it's essentially just an IP-Address). On the output I think it would be best to have a hex-string (thinking of the old md5-hashes). No one who doesn't have the private key should be able to decrypt/decipher the IP-Address.

The flow is as follows: I have a string (IP-Address from a VPN-Network) and encrypt it with a private key (there should be only one private key, no public key or anything). A user receives the encrypted string, logs into my app, and submits it back to me so I can associate the user with the IP-Address. The IP-Addresses should remain private and in my hand only.

Does anyone familiar with cryptography know how to perform this kind of encryption/ciphering or which method works well here? I'm willing to expend some effort into reading about how to perform this task, but I would appreciate it if someone could guide me a little with their knowledge in which direction I'd have to go in this confusing field.

Kind regards

Maarten Bodewes
Sounds like you just want to use a symmetric cipher, probably using an authenticated mode like AES-GCM. By the way, it seems like you want your key to be present during encryption and decryption: that we commonly call a **secret** key not a **private** key because you'd only expect a private key at one location.
Maarten Bodewes
Note that the output of modern ciphers consists of binary, usually bytes. Those bytes can be represented or encoded as text using - for example - hexadecimals or base64url. However, the encoding / decoding is not considered part of the cryptographic algorithms (although it could of course be part of a protocol that involves cryptography). For instance, the output of the outdated MD5 algorithm is 128 bits / 16 bytes, but the output of the `md5sum` command line tool consists of hexadecimals and a file indication.
poncho
Does the user manually enter the string? If so, it's important to keep it short. On the other hand, if the IP address we're talking about is an IPv6 address, that's already 128 bits, and so making the string 'short' may be unachievable with this approach - an alternative approach might be the 'tinyURL' approach - have the server keep a database of 'tags' and 'IP addresses', and give out the tags for the user.
fonzane
The user doesn't manually enter the string. I'm encoding it in a QR-Code. My solution right now is to use the Node.js built-in crypto module's `createCipheriv` with an aes256 algorithm. My only doubt with this approach right now is that the output string is so long, I may not want to put it into a URL...
Maarten Bodewes
Unfortunately giving a good answer would include a full analysis of your situation. However, I can tell that `createCipheriv` just uses CBC, which is not that efficient due to padding. Also, you should look at how to encode the plaintext in the minimum number of bytes. E.g. an IPv4 address could just take 4 bytes (and even less if it is always on the 10.x.x.x LAN of course, as you could leave out the 10).
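
The suggestions in the comments above (an authenticated mode such as AES-GCM, a 4-byte encoding of the IPv4 address, base64url output) combined into one sketch. This is an added example, not code from any of the posters; the function names and the token layout `iv || ciphertext || tag` are assumptions made for the illustration.

```javascript
// Added example: AES-256-GCM token for an IPv4 address (Node.js built-in crypto).
const crypto = require('node:crypto');

const IV_LEN = 12;  // 96-bit nonce, the size GCM is designed around
const TAG_LEN = 16; // 128-bit authentication tag

// Pack "10.8.0.23" into 4 bytes so the ciphertext stays as short as possible.
function ipv4ToBytes(ip) {
  const parts = ip.split('.');
  if (parts.length !== 4) throw new Error('not an IPv4 address');
  return Buffer.from(parts.map((p) => {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) throw new Error('bad octet');
    return Number(p);
  }));
}

// Token layout (assumed for this example): iv(12) || ciphertext(4) || tag(16).
function sealIp(key, ip) {
  const iv = crypto.randomBytes(IV_LEN); // fresh random nonce per token
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv, { authTagLength: TAG_LEN });
  const ct = Buffer.concat([cipher.update(ipv4ToBytes(ip)), cipher.final()]);
  return Buffer.concat([iv, ct, cipher.getAuthTag()]).toString('base64url');
}

// Returns the dotted address, or null if the token was not produced with
// this key or was modified in transit.
function openIp(key, token) {
  const raw = Buffer.from(String(token), 'base64url');
  if (raw.length !== IV_LEN + 4 + TAG_LEN) return null;
  const iv = raw.subarray(0, IV_LEN);
  const ct = raw.subarray(IV_LEN, IV_LEN + 4);
  const tag = raw.subarray(IV_LEN + 4);
  try {
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv, { authTagLength: TAG_LEN });
    decipher.setAuthTag(tag);
    const pt = Buffer.concat([decipher.update(ct), decipher.final()]);
    return Array.from(pt).join('.');
  } catch {
    return null; // authentication failed
  }
}

// Constructed demo values: a throwaway key and a sample VPN address.
const demoKey = crypto.randomBytes(32);
const demoToken = sealIp(demoKey, '10.8.0.23');
console.log(demoToken.length, demoToken, openIp(demoKey, demoToken));
```

The token is 32 bytes, which is 43 characters as base64url or 64 as hex. In a real deployment the 32-byte key is generated once and stored server-side instead of being created per run.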