MPK and MSK key sharing between two executables

[ganeshsprabhu]

Dear Team,

I am using this openabe library and it's working fine for single executable. One of my requirements is

Exe1:
Initialize
Create object
Keygen
Encrypt

Exe2:
Initialize
Create object
Keygen
Decrypt

This doesnot work. Because of random key generation, mpk and msk are different for every run.

Is there any hack for this to hard code previously generated key in the code. So that for every run keys will not change.

Please suggest the code point, where i can hard code this. Thank you in advance

Regards,
Ganesh

[ganeshsprabhu]

This needed to perform,

• Encrypton at one end
• Decryption at another end (in a separate code base or exe)

[PekeDevil]

I'm replying a bit late, but I'll leave the answer in case it's still useful. It's a bit long because I think there are certain concepts that I think are important to clarify.

In order to do what you are asking for (one endpoint encrypts and another decrypts). Ideally, you need three endpoints:

• The key generator/initializer.
• The encryptor
• The decryptor

In addition to that you have to ensure minimum communication between the following endpoints:

• The key generator and the decryptor.
• The encryptor and the decryptor.

Having said that, the step-by-step process is as follows:

1. The key generator initialises the system, and generates the MPK and the MSK.
2. The key generator must deliver the MPK to ALL endpoints that want to participate in the communication. To make it more efficient, you can also leave the MPK in a repository to which the endpoints have access.
3. The key generator generates a secret key (SK) for each endpoint that wants to act as decryptor, and delivers it to them privately through a secure channel.

With these 3 steps the system would be "initialised", i.e. in theory all endpoints have the necessary parameters to participate in the encrypted communication. There is no need to regenerate the MSK and MPK.

Next, to fulfill the encryption and decryption on different endpoints:

1. The encryptor uses the MPK as well as the desired access policy to encrypt the information.
2. The encryptor sends the encrypted information to the decryptor.
3. The decryptor uses the same MPK as the encryptor, together with the SK sent by the key generator to decrypt the information.

Having established this, one important thing I want to make clear is that in order for all participants in the encrypted communication to be able to "talk" to each other, they must share the same MPK. That is, all SKs must be generated with the same MPK and MSK, and all messages must be encrypted and decrypted with the same MPK.

Some of your other questions:

"This does not work. Because of random key generation, mpk and msk are different for every run".

This is because you only have to initialize them once.

"Is there any hack for this to hard code previously generated key in the code. So that for every run keys will not change."

Hardcoding secret keys is a serious security violation, instead the MSK must be stored securely (e.g. in a TPM). The MPK is public and you can (and indeed should) share it among all members of the communication.

"Please suggest the code point, where I can hard code this."

Please consider my answer above, but to manage the MPK and MSK OpenABE offers the following functions:

cpabe.importPublicParams(mpk)
cpabe.importSecretParams(msk)