About

Infoencrypt is using AES 128 encryption, with random IV. And PBKDF2 (Hmac SHA1, 1000 iterations) is used for password. Result is signed with HMAC MD5, for verification, and then encoded using Base64

It's very common and secure configuration. Most cryptography tools supports this scheme, so you will be able to decrypt your message even without Infoencrypt, by using other tools.

Tech details

Initialization vector (IV)

Just a random value to initialize encryption, used to make result uniq even if same input and password were used.

See http://en.wikipedia.org/wiki/Initialization_vector

Encryption key

It's a PBKDF2 with following parameters:

  • 128 bit
  • HMAC SHA1
  • MD5 of 'www.infoencrypt.com' as salt (to reduce the ability to use precomputed hashes, a 'rainbow tables')
  • 1000 iterations

One important moment here: we also apply MD5 to the input password (that could be any UTF-8 string), before using PBKDF2. Just because we found that some implementations of PBKDF doesn't support non-ascii characters out of box, so we came to this base minimum

PBKDF2 makes it much harder to brute force your password, PBKDF2 significantly increases time to prepare input keys for decryption.

See http://en.wikipedia.org/wiki/PBKDF2

Encryption

We're using standard Advanced Encryption Standard (AES) encryption, with 128 bits block length. CBC for block chaining and and PKCS5 for padding.

AES became effective as a federal government standard on May 26, 2002 after approval by the Secretary of Commerce. AES is included in the ISO/IEC 18033-3 standard. AES is available in many different encryption packages, and is the first publicly accessible and open cipher approved by the National Security Agency (NSA) for top secret information when used in an NSA approved cryptographic module.

from Wikipedia

See http://en.wikipedia.org/wiki/Advanced_Encryption_Standard and http://en.wikipedia.org/wiki/Cipher_block_chaining

HMAC

First 128 bit of output is HMAC MD5 digest of encrypted data (not original message), and used during decryption phase to validate that encrypted message is not corrupted.

Secret key is simply `infoencrypt.com,AES,128b` in binary representation ([0x69, 0x6e, 0x66, 0x6f, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x41, 0x45, 0x53, 0x2c, 0x31, 0x32, 0x38, 0x62])

See http://en.wikipedia.org/wiki/HMAC

Output

Output is simply Base64 encoded binary data, suitable for emails, web, etc.

See http://en.wikipedia.org/wiki/Base64


Encrypt with InfoEncrypt

Start Using InfoEncrypt