0

So my app downloads videos from the internet but encrypts it on-the-fly while downloading it and writes the encrypted data to the storage. I am using AES/CTR/NoPadding. How can I append encrypted data to already encrypted file? That's because the download may stop or the connection may go down so the app can resume the download. I tried this by passing append parameter on a resume situation, the file gets completed (resumed) and I can decrypt the file back (no problem) but the file is corrupted and when I compare it to an encrypted file which was downloaded at one shot (no pause and resume) it is totally different. Also the file which is downloaded at one shot is fully working after decryption, its playable and all the bits are intact.

I am using a hardcoded 128bit key and a hardcoded 128bit IV.

Gas Can
  • 27
  • 10
  • 1
    CTR mode requires no padding and use a counter to encrypt. This enables encrypt any 128-bit index on demand and even any bit. If you know the last index you are fine, assuming that they get always 128-bit. Why don't you use TLS? – kelalaka Jan 10 '20 at 15:21
  • That would require to save the internal state of the CTS cipher which is AFAIK not supported by the standard cipher implementations. BTW: CTS is a bad cipher for video playback as it makes skipping very very complicated. May be you should better split your file in blocks and encrypt each block with a clean cipher instance. This would simplify appending and seeking. – Robert Jan 10 '20 at 19:40
  • @kelalaka I'm afraid I don't understand. What do you mean I don't use TLS? – Gas Can Jan 11 '20 at 18:31
  • @Robert Well I use ExoPlayer to play the video and a custom implementation of a custom encrypted datasource to handle the file, skipping and rewinding works fine for me. As the implementation is not written by me but by someone else. – Gas Can Jan 11 '20 at 18:32

1 Answers1

0

You can use the same scheme to set the offset for decryption, which I've laid out in this answer. Actually, for CTR mode, encryption is the same operation as decryption, so it is obvious that both operations work in identical ways. Of course you will have to store the IV with the ciphertext in advance for this to work.

Maarten Bodewes
  • 90,524
  • 13
  • 150
  • 263