Looking for strong key en/decryption algorithm which will “loudly” fail on corrupt or modified data?

You said that you want to use a public/private key algorithm, so asymmetric. For example, RSA encryption uses PKCS#1 padding. If you use Cipher.getInstance("RSA") this padding is the default. If decryption fails it is very probable that the padding will be corrupted. In Java you will get a BadPaddingException.


Nevertheless I strongly suggest using hashing (even fast MD5) or a simple checksum instead. Look how it is done in IPsec. IPsec uses symmetric encryption (DES) and HMAC (Message Authentication Code using hashing), a mechanism for message authentication using cryptographic hash functions.

Maybe, if you don't need to hide the data, you should use HMAC only? I can guess that you don't need encryption but a digital signature. In fact a digital signature is an encrypted (with the private key) hash of a message.

Verification is the decryption of this hash and a comparison with the one computed from the plaintext message. If you provide a more detailed description then we can help to find the best solution.

1 In short, I guess, the answer is No. I'll use an additional hash. – Carsten Jul 21 at 6:32.
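As an added example (not code from the answer or comment above): the encrypt-then-MAC pattern the answer points at with IPsec, written with plain JCE. AES/CBC gives confidentiality and an HMAC-SHA256 over the IV and ciphertext gives the "loud" failure the question asks for. The wire layout IV || ciphertext || tag, the two-key setup and the sample message are my own choices for the demonstration, not a standard format. The last part of main shows the contrast with the padding-exception approach: the same one-bit modification that the MAC rejects is decrypted by bare AES/CBC without any exception, because the modified block is not the one carrying the padding.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/**
 * Encrypt-then-MAC with plain JCE (added example, not the answer's code).
 * Wire format (my own choice, not a standard): IV || AES-CBC ciphertext || HMAC-SHA256 tag,
 * where the tag covers IV and ciphertext. Two independent keys: one for AES, one for HMAC.
 */
public class EncryptThenMac {
    private static final int IV_LEN = 16;   // AES block size
    private static final int TAG_LEN = 32;  // HMAC-SHA256 output size

    private final SecretKey encKey;
    private final SecretKey macKey;
    private final SecureRandom rng = new SecureRandom();

    EncryptThenMac(SecretKey encKey, SecretKey macKey) {
        this.encKey = encKey;
        this.macKey = macKey;
    }

    private byte[] tag(byte[] iv, byte[] ct) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(macKey);
        mac.update(iv);
        mac.update(ct);
        return mac.doFinal();
    }

    byte[] seal(byte[] plaintext) throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        rng.nextBytes(iv);                       // fresh random IV per message
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, encKey, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plaintext);
        byte[] t = tag(iv, ct);
        byte[] out = new byte[IV_LEN + ct.length + TAG_LEN];
        System.arraycopy(iv, 0, out, 0, IV_LEN);
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        System.arraycopy(t, 0, out, IV_LEN + ct.length, TAG_LEN);
        return out;
    }

    byte[] open(byte[] msg) throws GeneralSecurityException {
        if (msg.length < IV_LEN + TAG_LEN) {
            throw new GeneralSecurityException("message too short");
        }
        byte[] iv = Arrays.copyOfRange(msg, 0, IV_LEN);
        byte[] ct = Arrays.copyOfRange(msg, IV_LEN, msg.length - TAG_LEN);
        byte[] t = Arrays.copyOfRange(msg, msg.length - TAG_LEN, msg.length);
        // Verify before decrypting, with a constant-time compare: a bad tag is rejected
        // without ever running the cipher, so padding errors cannot leak anything.
        if (!MessageDigest.isEqual(tag(iv, ct), t)) {
            throw new GeneralSecurityException("MAC check failed: data corrupted or modified");
        }
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, encKey, new IvParameterSpec(iv));
        return c.doFinal(ct);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey encKey = kg.generateKey();
        byte[] macKeyBytes = new byte[32];
        new SecureRandom().nextBytes(macKeyBytes);
        SecretKey macKey = new SecretKeySpec(macKeyBytes, "HmacSHA256");

        EncryptThenMac box = new EncryptThenMac(encKey, macKey);
        // Constructed sample message: 30 bytes, so two AES blocks after padding.
        byte[] sealed = box.seal("transfer 100 EUR to account 42".getBytes(StandardCharsets.UTF_8));
        System.out.println("ok: " + new String(box.open(sealed), StandardCharsets.UTF_8));

        // Flip one bit inside the first ciphertext block.
        sealed[IV_LEN + 3] ^= 0x01;
        try {
            box.open(sealed);
            System.out.println("BUG: tampering not detected");
        } catch (GeneralSecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }

        // Contrast: the same tampered ciphertext fed to bare AES/CBC decrypts without any
        // exception (the PKCS#5 padding lives in the last block, which was not touched),
        // so relying on BadPaddingException alone would let this modification through.
        Cipher raw = Cipher.getInstance("AES/CBC/PKCS5Padding");
        raw.init(Cipher.DECRYPT_MODE, encKey,
                 new IvParameterSpec(Arrays.copyOfRange(sealed, 0, IV_LEN)));
        byte[] garbage = raw.doFinal(Arrays.copyOfRange(sealed, IV_LEN, sealed.length - TAG_LEN));
        System.out.println("bare CBC silently returned " + garbage.length + " bytes of corrupted plaintext");
    }
}
```

Compile and run with javac/java; no third-party library is needed. On Java 8 and later the same guarantee comes from a single authenticated mode, Cipher.getInstance("AES/GCM/NoPadding") with a GCMParameterSpec, which throws AEADBadTagException on any modification of the ciphertext; the two-key construction above is what you build when only a block cipher and HMAC are available.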

If you want authenticity of your data, then you could apply a MAC (Message Authentication Code) or a digital signature on your data. A viable solution using asymmetric public/private keys would be to wrap your data in a SignedData which then itself would be the payload of an EnvelopedData (cf. CMS).

Signature validation on your SignedData will loudly fail if somebody tampered with the contents. If you don't want to involve asymmetric keys, another standardized way to achieve your goal is using the AuthenticatedData structure described in the same RFC. The payload would be your already encrypted data, and the MAC would additionally ensure integrity and authenticity, again failing noticeably if the contents were tampered with.

The advantage of using a standard such as CMS here is a) that libraries already exist that support these features out of the box and b) that you can rely on something that has been tested and analyzed, so you don't run the risk of creating something insecure, something that happens all too easily with this kind of thing.

I am nearly certain that any cryptographic system that is sensitive to the content (in the way that you want) will be leaking way too much info to be good encryption. The reason we have specialized, concern specific, algorithms is (imo) precisely for this reason. It should be a trivial matter for you to provide an interface that includes the message digest in the (compound) plain-text and then apply encryption.

On decryption, your simple wrapper will seek a (fixed) n-byte matter (somewhere in the compound plain-text), e.g. encrypt this:

    +--------------+----------------//----------+
    | digest bytes | content (plain-text)

You probably should check out PKCS #7, which is also used in S/MIME. It supports strong encryption and authentication, and is widely used and available via many implementing libraries. Bouncy Castle would be a good Java option.

PKCS #7 is not an encryption algorithm. It's the Cryptographic Message Syntax standard. The question was about a cipher. – zacheusz Jul 20 at 0:04

There is EncryptedData in CMS, too. – emboss Jul 20 at 0:12

Yes, of course, but still this is only message syntax, not an algorithm. – zacheusz Jul 20 at 0:23

@zacheusz - sure, but based on OP's comment "I know that I can do this manually by additionally computing a hash on the encrypted file, but I'd like to avoid doing that", I believe he is just looking for an easy-to-implement solution that includes both a strong cipher and a verification algorithm. A PKCS7 library would provide both with little hassle. – jkraybill Jul 20 at 0:24

OK - you're right. It can be a way to achieve it. But IMHO the problem is that we don't know what he wants to achieve ;) – zacheusz Jul 20 at 0:25

You need to use a MAC to validate that the data isn't corrupted or modified. I suggest you read this.
