[Haskell-beginners] Cryptography

Magnus Therning magnus at therning.org
Wed Oct 8 05:07:19 EDT 2008


On Wed, Oct 8, 2008 at 8:14 AM, Jeffrey Drake <jeffd at techsociety.ca> wrote:
>
> I have an application where I would like to use AES to have a
> public/private key pair and digitally sign/verify documents.

As another responder pointed out, AES is symmetric, i.e. the same key
is used for both encryption and decryption.  What you most likely want
is a layered approach, where you use AES to encrypt the payload and
then an asymmetric crypto like RSA to encrypt the AES key.  I'd
strongly suggest you locate a copy of Bruce Schneier's Applied
Cryptography to make sure you have a better understanding of what you
are doing.  Crypto is complicated; even renowned experts have been
known to get things wrong :-)

> I have found documentation for a library that does the encryption:
> http://www.haskell.org/crypto/doc/html/Codec-Encryption-AES.html
>
> However, it seems to have only two methods:
>
> encrypt :: AESKey a => a -> Word128 -> Word128
> decrypt :: AESKey a => a -> Word128 -> Word128
>
> A problem for me, I don't know where AESKey is supposed to come from, or
> how to use this to sign things. My ignorance of this topic does not
> help. Would it be correct to say that signing a document is similar to
> an MD5 hash on a document?

The key should come from a good random source.  That means you need
cryptographic randomness.  All major OSs come with reasonable sources
of randomness.  However, again, here be dragons and you need to know
what you're doing.  Weak randomness leads to weak keys.

MD5 is an example of a cryptographic hash, also known as a one-way
function.  That is, it's easy to get the hash from a text, but _hard_
to go the other way.  The MD5 algorithm produces a hash that is 128
bits.  It can be used for detecting tampering, but it isn't a
signature.  OTOH many implementations of signatures use a hash in
order to avoid having to sign the entire document.

I strongly urge you to read up on crypto before adding it to any code
you are writing.  It's simply too easy to get it wrong.

/M

-- 
Magnus Therning                        (OpenPGP: 0xAB4DFBA4)
magnus@therning.org          Jabber: magnus@therning.org
http://therning.org/magnus         identi.ca|twitter: magthe
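The hash-versus-signature distinction in the reply above, as an added illustration that is not part of the original thread: a bare hash can be recomputed by whoever altered the document, while a signature over the hash needs the private key. This uses toy RSA with fixed small primes and only the Python standard library; the prime values and the function names are my own, not the Codec.Encryption library's API.

```python
import hashlib

# Toy RSA parameters: two small fixed primes, for illustration only.
# Real keys use ~2048-bit primes drawn from a cryptographic random source.
TOY_P, TOY_Q, TOY_E = 1000003, 1000033, 65537


def make_keypair(p=TOY_P, q=TOY_Q, e=TOY_E):
    """Return ((n, e), (n, d)): the public and private halves of a key pair."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def digest(doc: bytes) -> str:
    """One-way hash of the document; anyone can compute this, no key needed."""
    return hashlib.sha256(doc).hexdigest()


def _hash_as_int(doc: bytes, n: int) -> int:
    # Reduced mod n only because the toy modulus is tiny; real RSA
    # signatures apply a padding scheme (e.g. PSS) over the full hash.
    return int.from_bytes(hashlib.sha256(doc).digest(), "big") % n


def sign(private_key, doc: bytes) -> int:
    """Hash-then-sign: apply the private key to the hash, not the whole document."""
    n, d = private_key
    return pow(_hash_as_int(doc, n), d, n)


def verify(public_key, doc: bytes, signature: int) -> bool:
    """Anyone holding the public key can check the signature but cannot forge one."""
    n, e = public_key
    return pow(signature, e, n) == _hash_as_int(doc, n)


def hash_only_check(doc: bytes, published_hash: str) -> bool:
    """Integrity check with no key: detects change only if the hash itself is trusted."""
    return digest(doc) == published_hash


def tamper_demo():
    """Why a hash detects tampering but is not a signature (constructed sample data)."""
    pub, priv = make_keypair()
    original = b"Pay Alice 10 EUR"
    forged = b"Pay Mallory 1000 EUR"
    published_hash = digest(original)
    signature = sign(priv, original)
    return {
        "hash_recomputed_by_forger": hash_only_check(forged, digest(forged)),
        "hash_matches_forged": hash_only_check(forged, published_hash),
        "sig_valid_on_original": verify(pub, original, signature),
        "sig_valid_on_forged": verify(pub, forged, signature),
    }
```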