1

Im building an Electron desktop app and storing data in a JSON file that I wish to encrypt and decrypt to prevent intentional tampering by the end user. This data will occasionally be read and updated by the app.

I've come to understand that Node's crypto module can handle this functionality.

My question pertains to the specific cipher algorithm to use. In reading Node's documentation, it says we have a choice between those provided by OpenSSL as can be found by calling 'openssl list -cipher-algorithms' in the terminal. Further research pointed me toward AES256 as I saw that it's trusted by governments.

But in whittling it down, there's still 11 variations to select from:

  • AES-256-CBC
  • id-aes256-CCM
  • AES-256-CFB
  • AES-256-CFB1
  • AES-256-CFB8
  • AES-256-CTR
  • AES-256-ECB
  • id-aes256-GCM
  • AES-256-OCB
  • AES-256-OFB

I assume that the decision is not arbitrary, and that each of these has a very specific use case. Can anybody point me in the right direction of what may be appropriate? And also, possibly a summary of why the others are not?

=== Update===

@topaco's reference comprehensively addresses this question for my use case, if not by the discussion presented, then by references provided.

Also, for those reading this later. This is a great place to start putting such things in an overarching context.

Shay Pottle
  • 51
  • 7
  • 1
    Does this answer your question? [How to choose an AES encryption mode (CBC ECB CTR OCB CFB)?](https://stackoverflow.com/questions/1220751/how-to-choose-an-aes-encryption-mode-cbc-ecb-ctr-ocb-cfb) – Topaco May 03 '22 at 07:51
  • Choosing the mode is only the first step, you also have to apply the mode correctly: for each mode there are different restrictions an limitations you have to consider when using it. E.g. for GCM mode there are limitations on the NONCE/IV regarding it's size and that you make sure to never reuse a pair of NONCE/key. – Robert May 03 '22 at 08:29

1 Answers1

0

CBC and GCM are probably the most commonly used. CBC is older which involves more compatibility. CBC does not include authentication instead of GCM. But it's possible to use CBC with HMAC (Encrypt then MAC). GCM is more and more used and one day CBC will be probably deprecated. For now, both seem to be good in your case.

ECB, one of the first generation of the AES, is absolutely not secure, see https://datalocker.com/what-is-the-difference-between-ecb-mode-versus-cbc-mode-aes-encryption/

gduh
  • 1,079
  • 12
  • 30
  • CBC isn't a good choice nowadays because of the [padding oracle attack](https://en.wikipedia.org/wiki/Padding_oracle_attack) – Robert May 03 '22 at 10:03