Is this AES GCM + asymmetric schema secure?

cn flag

I want to use the asymmetric encription offered by a tool to encrypt my files and I would like to know if the following encryption process works, regardless of perhaps not optimal use.

  • Generate a 32-bytes-random-key inside the browser with window.crypto.getRandomValues

  • use sjcl crypto library for:

    • choosing AES algorythm cipher.aes
    • generating 4 words random IV vector random.randomWords(4, 0)
    • encrypting a file in GCM mode mode.gcm.encrypt (tag 128 bits)
    • concating IV and encrypted output producing the binaryFile1
  • use NaCl Networking and Cryptography library, through a tool that implements ECIES, for:

    • generating an encryptionKeypair using
    • encrypting the above 32-bytes-random-key with the ephemeralPublicKey (using the x25519 part of the schema x25519-xsalsa20-poly1305) producing the binaryFile2, a bundle containing the encrypted AES key and, among other metadata, the ephemeralPublicKey.
  • concat binaryFile2 + a-separator + binaryFile1 producing finalBinaryFile

  • keep the finalBinaryFile on the cloud until it is necessary to download it and then decrypt it through the reverse process using the secretKey I own.

To encrypt the files I could directly use the symmetric key keeping it safe but I would like to use a DB of shared static public keys, whose trustness I can assume valid.

kelalaka avatar
in flag
What is the question?
cn flag
I made the question explicit in the title. Thank you.
kelalaka avatar
in flag
Why don't you use well-maintained programs like Veracrypt or libraries like the [age]( (_age is a simple, modern and secure file encryption tool, format, and Go library_.)
Maarten Bodewes avatar
in flag
Complete reviews of cyptographic protocols and schemes is off topic. Using ECIES to encrypt a secret key is a bit spurious; you could use the key agreement part itself to establish a key. Of course, you'd also need to send the ephemeral public key for ECIES, something that is missing in your protocol. I don't see how you've established the static key pair of the receiver or how that public key is trusted, so the description is certainly not without fault nor complete.
cn flag
Thank you for your remarks Maarten. Actually I forgot to mention that in the `binaryFile2` there is also the ephemeral publick key so I will update the question. I am aware that I am asking about the validity regardless to the process of registration of the static key pair and relative trustness.
si flag

NaCL provides a set of crypto_box methods which do this all in one go. Libsodium provides an even easier set of crypto_box_easy methods.

cn flag
Thank you for your suggestion, My implementation has to be in javascript so I am just using a wrap of NaCl set that offers and manages key pair generations.
SAI Peregrinus avatar
si flag
There are JS bindings for libsodium as well.

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.