Closed maninkari closed 2 years ago
The algorithm that is used for proxy re-encryption has very specific requirements for the value that can be encrypted - gen_plaintext() produces those values. To encrypt an arbitrary array of bytes, you can use gen_plaintext(), then pass that to derive_private_key() to generate a key that you can use with AES256-GCM to encrypt the byte array.
Once you have encrypted the bytes, you can encrypt the plaintext to a user or group. When the recipient of the encrypted document and key is ready to decrypt, they decrypt the encrypted plaintext, call the same derive_private_key(), and use AES256-GCM to decrypt the bytes and recover the original data. This process of using a symmetric encryption algorithm for the data and an asymmetric algorithm to protect the key is called "envelope encryption".
These operations are all handled by the ironoxide library, which uses recrypt for the core proxy re-encryption, but does the AES encryption as well.
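The symmetric half of the envelope flow described in the reply above, as an added example that is not part of the thread and is not recrypt or ironoxide code. It is written in Go with the standard library only so it runs without the recrypt crate. Assumptions: 384 random bytes stand in for gen_plaintext(), SHA-256 stands in for derive_private_key(), the proxy re-encryption of the 384-byte value is not performed, and the names aeadFor, seal and openSealed are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// aeadFor: assumed stand-in for derive_private_key() (SHA-256 here), then AES-256-GCM setup.
func aeadFor(pt []byte) cipher.AEAD {
	key := sha256.Sum256(pt) // always 32 bytes, so neither constructor below can fail
	block, _ := aes.NewCipher(key[:])
	aead, _ := cipher.NewGCM(block)
	return aead
}

// seal encrypts data of any length; the output is nonce || ciphertext || tag.
func seal(pt, data []byte) ([]byte, error) {
	aead := aeadFor(pt)
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, data, nil), nil
}

// openSealed is the recipient side: same derivation, then authenticated decryption.
func openSealed(pt, sealed []byte) ([]byte, error) {
	aead := aeadFor(pt)
	n := aead.NonceSize()
	if len(sealed) < n {
		return nil, fmt.Errorf("sealed data shorter than nonce")
	}
	return aead.Open(nil, sealed[:n], sealed[n:], nil)
}

func main() {
	pt := make([]byte, 384) // stand-in for gen_plaintext(); only this value goes to the asymmetric step
	if _, err := rand.Read(pt); err != nil {
		panic(err)
	}
	sealed, err := seal(pt, []byte("constructed sample: bytes of any length"))
	if err != nil {
		panic(err)
	}
	out, err := openSealed(pt, sealed)
	fmt.Println(string(out), err)
}
```

Because GCM is authenticated, a recipient who recovers a different 384-byte value, or who receives modified ciphertext, gets an error from openSealed rather than corrupted bytes.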
Hi @BobWall23, thank you for replying! I think I understand what you are saying... So is the main purpose of Plaintext to be used to derive a private key with derive_private_key() instead of storing encrypted data of, let's say, a file? That makes sense. Then that derived private key is what I should be using to encrypt and decrypt the file/data. Sweet!
Thanks!
Hi, I've been able to use recrypt for a POC using recrypt.gen_plaintext() but this fails the moment I try to encrypt anything other than that [u8; 384] structure. What if I want to encrypt an image or any other array of bytes that's not 384 bytes in length? Is there a workaround for this? Thank you!