Multiparty encryption #4
Comments
|
First of all you need to convert SecretKey secretKey;
String stringKey;
try {secretKey = KeyGenerator.getInstance("AES").generateKey();}
catch (NoSuchAlgorithmException e) {/* LOG YOUR EXCEPTION */}
if (secretKey != null) {stringKey = Base64.encodeToString(secretKey.getEncoded(), Base64.DEFAULT)}If your public Then you can use that // create a string from AES Secret Key
String aesKey;
// read Public Key from file
PublicKey publicKey;
//Encrypt AES key with public RSA key
Crypto crypto = new Crypto(TRANSFORMATION_ASYMMETRIC);
String encryptedAESKey = crypto.encrypt(aesKey, publicKey, false);Unfortunately in current version |
|
Hey, tnx for answer! But don't know if you have an answer to my main
question:
Would it be possible to perform multiparty encryption/decryption i.e.
encrypt a file with AES shared key and encrypt this key with multiple
public RSA keys?
Like in openssl, please find example below.
openssl smime -encrypt -aes256 -in secrets.txt -out secrets.txt.enc -outform PEM bob.pub alice.pub
The recipients could just use their private keys to decrypt like maybe:
openssl smime -decrypt -in secrets.txt.enc -inform PEM -inkey alice.key
Any ideas? Is this outside the scope of scytale
best
Jan
…On 3/16/2017 2:54 PM, Yakiv Mospan wrote:
First of all you need to convert |AES| key into a string, so later you
will be able to encrypt it with |RSA|.
http://stackoverflow.com/questions/5355466/converting-secret-key-into-a-string-and-vice-versa
SecretKey secretKey;
String stringKey;
try {secretKey = KeyGenerator.getInstance("AES").generateKey();}
catch (NoSuchAlgorithmException e) {/* LOG YOUR EXCEPTION */}
if (secretKey != null) {stringKey = Base64.encodeToString(secretKey.getEncoded(), Base64.DEFAULT)}
If your public |RSA| key is inside of |apk| (in assets maybe) you will
need to read it like this -
http://stackoverflow.com/questions/11410770/load-rsa-public-key-from-file.
Then you can use that |RSA| key to encrypt a |AES| key text with
|Crypto#String ***@***.*** String data, @nonnull Key key, boolean
useInitialisationVectors)|
<https://github.com/yakivmospan/scytale/blob/master/library/src/main/java/com/yakivmospan/scytale/Crypto.java#L90>.
// create a string from AES Secret Key
String aesKey;
// read Public Key from file
PublicKey publicKey;
//Encrypt AES key with public RSA key
Crypto crypto = new Crypto(TRANSFORMATION_ASYMMETRIC);
String encryptedAESKey = crypto.encrypt(aesKey, publicKey, false);
Unfortunately in current version|Crypto| has no function to
encrypt/decrypt whole file, instead you can open a file, read it line by
line, encrypt each line, and save encrypted line to another file.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#4 (comment)>, or
mute the thread
<https://github.com/notifications/unsubscribe-auth/AOaV0EN0LWiVQrEoxDUiTayoUcMcgs0qks5rmOq8gaJpZM4Me52m>.
|
|
Hi Jan, If I understand it correctly, you will need to have all public RSA keys and AES key. Then you can encrypt file with AES, for each recipient you will need to encrypt AES with his public RSA. After this you can send encrypted file and encrypted AES key. Recipient will just store RSA key pair, and wait for encrypted file and encrypted AES. As soon as he receives them, he will decrypt AES key and use it for decryption of file. Sounds as it is possible to implement. In my answer above I've already pointed some steps for AES key encryption, hope it can help you. Try to ask about it on http://stackoverflow.com/ as well. Regards, |
|
OK, thanks a lot. I understand what you mean. But I think one could also (like in PGP or CMS) encrypt the same message with many public keys at once and then send the same blob to the different recipients. Then every one of the recipients should be able decrypt the blob with their private key. Theres a description here: https://tools.ietf.org/html/rfc5652#section-6 |
|
Don't know how to implement this using JCA, but sounds better then choosing key for specific recipient. Maybe you can find some info here https://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/CryptoSpec.html#Cipher. I will also try to search on weekend, will ping you if I found something. Cheers, |
|
You can also check this http://stackoverflow.com/questions/19491536/data-encryption-decryption-with-two-or-more-possible-keys-in-java and this http://flylib.com/books/en/1.274.1.29/1/ posts |
|
Few more materials for this topic:
@CtrlShiftTab , btw if you look at the description you sent above more carefully, you will notice that they are talking about about the same thing that I was. They are not using multiple keys at once, but uses specific key from specific user:
Please correct me if I'm wrong about it. Also I'm planning to add the possibilities to encrypt / decrypt blobs, input streams, files and wrap / unwrap keys to scytale. |
|
I think found a good description of the implementation here:
https://tools.ietf.org/html/rfc4880#section-5.1
This also confirms what you mentioned regarding
https://tools.ietf.org/html/rfc5652#section-6.
Thanks for clearing this up. Looking forward to further enhancements of
your code.
|
Not so much an issue as a feature query, hope this is ok. Would it be possible to perform multiparty encryption/decryption i.e. encrypt a file with AES shared key and encrypt this key with multiple public RSA keys?
Like in openssl, please find example below.
openssl smime -encrypt -aes256 -in secrets.txt -out secrets.txt.enc -outform PEM bob.pub alice.pub frank.pub carol.pub
The recipients could just use their private keys to decrypt like maybe:
openssl smime -decrypt -in secrets.txt.enc -inform PEM -inkey alice.key
Any hints very much appreciated! thanks
The text was updated successfully, but these errors were encountered: