symmetric encryption algorithms

PGP can use several symmetric encryption algorithms. How is the algorithm selected when encrypting a message?
Is it possible to see or change this in Delta Chat?

Delta Chat uses 128-bit AES.

The core encrypts with a Default algorithm here:

Default algorithm is defined here:

Thank you very much!
That is, in order to use AES-256, I must build the application with different parameters?
I will try.

Are there any plans to add the choice of encryption algorithm to the program settings?

There are no plans to add such low-level options to the UI.

We could probably switch to AES-256 if there is a good reason to, but as far as I know it does not practically matter except that it would make encryption and decryption slower.

One reason to use it could be that other messengers use it, e.g. Signal is using AES-256 in Double Ratchet, WhatsApp claims to use AES-256 in their security whitepaper and likely uses Signal’s implementation, Matrix uses AES-256 in Olm and Telegram uses AES-256 in MTProto too. Threema uses Salsa20 with a 256-bit key.


All clear.
Thanks for the quick and complete answer!

I have made a PR to put the constants for AES-128 and SHA-256: "refactor(pgp): add constants for encryption algorithm and hash" by link2xt (Pull Request #4696, deltachat/deltachat-core-rust, GitHub). This will make it easier to switch to a new ciphersuite in the future.

I have decided not to make any changes for now, because even the AES-128 to AES-256 change is not uncontroversial. AES-256 is not just a bigger AES-128, it is an additional construction on top of AES-128 that may actually make security worse. See the blog post "Another New AES Attack" (Schneier on Security), which announced that and recommends not using AES-256 for new systems, and the “Best public cryptanalysis” section of the Wikipedia page "Advanced Encryption Standard".


Thank you for the interesting information about AES and the changes in the program!

To enable AES-256 mode, will it be enough to change the value in this line?

Yes, you can replace 128 with 256 here if you want and Delta Chat should encrypt messages with AES256.