IronCoreLabs/recrypt-rs

Why is the length of plaintext fixed

Why is the length of plaintext fixed

The encryption algorithm we use requires the plaintext to be one of a set of very specific values - the "rth roots of unity" for the field over our elliptic curve. The library provides a gen_plaintext function that will generate one of these values randomly, and a derive_symmetric_key function that will convert this random value to a 32-byte value that can be used as an AES256 encryption key.

To encrypt an arbitrarily long plaintext message, you use these two functions to generate a random symmetric key, then use AES256-GCM to encrypt your data (which we refer to as a document). You can then encrypt the original Plaintext value from gen_plaintext (which is referred to as a Document Encryption Key, or DEK), using the encrypt function in this library, creating an Encrypted Document Encryption Key, or EDEK. You need to keep this EDEK together with your encrypted document - to retrieve the document, you use the recrypt-rs library's decrypt function to retrieve the DEK, then use AES256 and that key on the encrypted document to retrieve the original document.
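The DEK/EDEK flow described in the comment above, as an added example that is not part of the original thread or of the recrypt-rs code base. It is written in Node.js so that it runs with only the built-in `crypto` module. Assumptions: SHA-256 models `derive_symmetric_key`, random bytes stand in for `gen_plaintext` output, RSA-OAEP stands in for the library's `encrypt` and `decrypt`, and the function names and container layout are hypothetical.

```javascript
const crypto = require('node:crypto');

// Stand-in for recrypt's derive_symmetric_key: map the DEK to 32 bytes.
// SHA-256 is an assumption here; use the library call in real code.
function deriveSymmetricKey(dek) {
  return crypto.createHash('sha256').update(dek).digest();
}

// AES-256-GCM encrypts the document under the key derived from the DEK and
// stores the EDEK with it. encryptDek is a caller-supplied (hypothetical)
// callback standing in for recrypt's encrypt.
// Layout: [4-byte EDEK length][EDEK][12-byte nonce][16-byte tag][ciphertext]
function sealDocument(document, dek, encryptDek) {
  const nonce = crypto.randomBytes(12); // fresh per document
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveSymmetricKey(dek), nonce);
  const ciphertext = Buffer.concat([cipher.update(document), cipher.final()]);
  const edek = encryptDek(dek);
  const len = Buffer.alloc(4);
  len.writeUInt32BE(edek.length);
  return Buffer.concat([len, edek, nonce, cipher.getAuthTag(), ciphertext]);
}

// Recovers the DEK from the stored EDEK (decryptDek stands in for recrypt's
// decrypt), re-derives the AES key, then authenticates and decrypts.
function openDocument(sealed, decryptDek) {
  const edekEnd = 4 + sealed.readUInt32BE(0);
  const edek = sealed.subarray(4, edekEnd);
  const nonce = sealed.subarray(edekEnd, edekEnd + 12);
  const tag = sealed.subarray(edekEnd + 12, edekEnd + 28);
  const key = deriveSymmetricKey(decryptDek(edek));
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, nonce);
  decipher.setAuthTag(tag);
  // final() throws if the tag does not match (tampered document or wrong DEK)
  return Buffer.concat([decipher.update(sealed.subarray(edekEnd + 28)), decipher.final()]);
}

// Constructed demo: RSA-OAEP stands in for recrypt's public-key encrypt and
// decrypt, and random bytes stand in for gen_plaintext output.
function demo(document) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const dek = crypto.randomBytes(128);
  const sealed = sealDocument(Buffer.from(document), dek, (d) => crypto.publicEncrypt(publicKey, d));
  const opened = openDocument(sealed, (e) => crypto.privateDecrypt(privateKey, e));
  return { sealed, opened: opened.toString(), privateKey };
}
```

The document can be any length because only the fixed-size DEK ever passes through the public-key step; the GCM tag check rejects a modified document or a DEK recovered with the wrong key.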