While I was developing our Chef encrypted attributes gem, I reviewed the current EncryptedDataBagItem code carefully and I want to propose some improvements. Here is the first.
A future EncryptedDataBagItem version 3 could have the following enhancements:
This makes it harder to break the encrypted data in case the HMAC is broken.
With the current implementation, in case the HMAC algorithm is broken or somehow exposes the HMAC key, the encrypted data key will be exposed (since it is the same) and, therefore, also the decrypted data content will be exposed.
- hmac - Using the same secret key for encryption and authentication in a Encrypt-then-MAC scheme - Cryptography Stack Exchange
This will avoid any possible HMAC false positives when the IV or the cipher is altered. In these cases, the data will be wrong but detected as good.
Generally speaking, all the data needed to decrypt the data, except the secret, must be HMACed.
- What information to include when calculating the HMAC of ciphertext - Cryptography Stack Exchange
- encryption - When authenticating ciphertexts, what should be HMACed? - Information Security Stack Exchange
I know it's a touchy subject. Any opinion or criticism is welcome.
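The two points proposed above (separate keys for encryption and HMAC, and an HMAC that covers the IV and cipher name as well as the ciphertext), sketched as an added example that is not Chef's EncryptedDataBagItem code. The label-based key derivation, the hash field names and the choice of AES-256-CBC are assumptions of this example.

```ruby
require 'openssl'

CIPHER = 'aes-256-cbc' # constructed choice for this example

# Derive independent encryption and MAC keys from the one shared secret.
# Label-based HMAC derivation is an assumption, not the project's scheme.
def derive_keys(secret)
  d = OpenSSL::Digest.new('SHA256')
  [OpenSSL::HMAC.digest(d, secret, 'encryption'),
   OpenSSL::HMAC.digest(d, secret, 'authentication')]
end

# Length-prefix every field so bytes cannot be moved between fields.
def mac_input(cipher_name, iv, ciphertext)
  [cipher_name, iv, ciphertext].map { |f| [f.bytesize].pack('N') + f.b }.join
end

# The HMAC covers everything needed to decrypt except the secret.
def compute_mac(mac_key, item)
  OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA256'), mac_key,
                       mac_input(item[:cipher], item[:iv], item[:data]))
end

def encrypt_item(secret, plaintext)
  enc_key, mac_key = derive_keys(secret)
  c = OpenSSL::Cipher.new(CIPHER).encrypt
  c.key = enc_key
  iv = c.random_iv
  item = { cipher: CIPHER, iv: iv, data: c.update(plaintext) + c.final }
  item.merge(hmac: compute_mac(mac_key, item))
end

# Constant-time comparison of two MAC values.
def secure_eq?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Verify first; the cipher name and IV are only used after the MAC passes.
def decrypt_item(secret, item)
  enc_key, mac_key = derive_keys(secret)
  raise ArgumentError, 'HMAC mismatch' unless secure_eq?(compute_mac(mac_key, item), item[:hmac])
  c = OpenSSL::Cipher.new(item[:cipher]).decrypt
  c.key = enc_key
  c.iv = item[:iv]
  c.update(item[:data]) + c.final
end
```

With the IV and cipher name inside the HMAC, an item whose IV or cipher field was altered is rejected before any decryption is attempted.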