XtsStream encryption key

0 votes
asked 5 days ago by Denis T (120 points)

Hello,
We are considering XtsStream for encrypting/decrypting data on one end of our two-direction data exchange mechanism (the other would be XTS AES implementation developed on SWIFT). As I see actual key is derivative of some 'password'. Also size of encrypted data is increased by 64 bytes (I guess it's header with size or something). The questions are:
1. Can we set plain symmetric key for encryption/decryption by XtsStream?
2. Can we get the plain encrypted data out or XtsStream to be provided to the other XTS AES implementation given we know the key, block size and data size?

Thanks,
Denis

1 Answer

0 votes
answered 4 days ago by Lukas Matyska (39,900 points)

It seems that you need rather low level of the XTS-AES implementation instead of XtsStream, which is high-level API.

I have made our internal XTS-AES implementation public, so you can use it now like this:

using (var xts = new Rebex.Security.Cryptography.Xts(encryptionKey, tweakingKey))
{
    Console.WriteLine(BitConverter.ToString(plaintext));

    xts.EncryptSector(tweak, plaintext, 0, plaintext.Length, encrypted, 0);

    Console.WriteLine(BitConverter.ToString(encrypted));

    xts.DecryptSector(tweak, encrypted, 0, encrypted.Length, plaintext, 0);

    Console.WriteLine(BitConverter.ToString(plaintext));
}

Please note, that if you want to encrypt (or decrypt) data using more EncryptSector calls, the input sector (data length) should be multiple of the Xts.BlockSize (currently 16 bytes).

Also please note, that the single sector (input for the EncryptSector method) has to be at least Xts.BlockSize bytes long (currently at least 16 bytes).

You can download trial version here.

If you need other platform build or you want to receive full version, please let us know at support@rebex.net.

...