Allow variable AES key sizes in conceal about conceal HOT 8 CLOSED

Conceal currently uses 128 bit AES in GCM mode. For the mac it uses SHA1 HMAC. Are there any other particulars you wanted?

from conceal.

Closing out. feel free to reopen if you have further questions

from conceal.

@siyengar Can the implementation be modified to use AES 256? Please advise. Thanks!

** Question Update ** With NativeGCMCipher accept any valid AES key size (128, 192, or 256) for keys generated by the key chain? I implemented a custom key chain that generates a 256-bit key, and was able to encrypt my data, but wanted to confirmation that this is valid.

from conceal.

@jlchoike-DL currently the native code enforces a AES128 key size https://github.com/facebook/conceal/blob/master/native/crypto/gcm_util.c#L51 because it uses AES128.

I need to add a feature to allow multiple key sizes. Thanks for checking.

Is there a business reason you need AES256 vs 128. AES128 should be pretty strong for modern applications.

from conceal.

@siyengar I have the same request. My business reason is that my client requires it. I would love to be able to use conceal at least for the AES-128 and AES-256

from conceal.

@mandrachek sounds good, bumping the priority of this request

from conceal.

@siyengar I have business requirements to use AES-256 bit encryption. Thank you for responding so promptly!

However, I just learned that the inclusion of Open SSL has precluded my team from using Conceal because of the presence of BSD 4-Clause license (involving advertisement when OpenSSL code is used).

Have you considered any alternatives to OpenSSL for AES-GCM (e.g. BountyCastle)? I think this would eliminate the restriction on using Conceal.

from conceal.

@jlchoike-DL I don't want to speak for @siyengar , but that would defeat the performance enhancements this library provides.

from conceal.