search

facebookarchive / conceal

Conceal provides easy Android APIs for performing fast encryption and authentication of data.
http://facebook.github.io/conceal/
Other
2.96k stars 431 forks source link

What is the real use of entity? #178

Closed CarlTien closed 7 years ago

CarlTien commented 7 years ago

if the name of the Entity is bound to the file name and content, then how come a file encrypted using 'test' can be decrypted using 'test1' ? Can u give an example using " Entity " ?

helios175 commented 7 years ago

I myself was troubled with this when joining the project. Maybe we should think of a better name for entity. The explanation might be a little long but I think it's worthy. You can jump to the TLDR if you prefer.

When using an encryption method like the one we use (AES/GCM) there are two things done: 1) encrypting the data with a secret key 2) adding some integrity verification so it's difficult to tamper

The first point is what you would expect of encryption. But the second one helps achieve another thing: 1) avoid an attacker changes the encrypted bytes therefore you decrypt some other stuff (while thinking it's valid).

So far so good. The secret key (provided by the KeyChain) is used in encryption and decryption to encrypt/decrypt. And an extra tag tail is added with some verification. If you don't have the key you cannot produce another blob of encrypted bytes that "verifies".

(sidenote: the use of a random initial value: IV, which aims to be different for each message, helps making impossible to infer keys from different encrypted contents, also to infer a valid verification-tag for a tampered content... but that's part of Cryptography theory).

Now even if an attacker cannot tamper any content without being detected as invalid it could still mess it in one way: suppose you have two files in your file system. Both encrypted using Conceal (or some other similar tool). An attacker could still swap the names of F1 and F2, and when you read F1 everything would verify, because it was produced legally. But the content decrypted will be the one from the original F2 (before the name swap).

The way to prevent this is to use an entity (just a bunch of bytes) that identifies the thing you're storing (the filename should is perfect in the example, but you can use something different). The entity is included in the verification-tag. So the verification-tag not only claims that the content is valid (and generated with that key) but also it correspond to that entity (or id).

So if an attacker swaps the files, your decryption code will say: decrypt this file, with this key, and entity F1. But if it was swapped with F2 verification-tag won't match. Because its verification-tag was produced to verify the file's content+id="F2".

TLDR

The Entity is the "id" for the content you are encrypting/decrypting. It can be anything you want. It can be for example, the filename. The integrity verification mechanism not only will verify content integrity but also that the content was written using the same entity/id. That way you are sure files/contents were not swapped among them.

When you encrypt something with Entity.create("content1"). You will be able to decrypt it only using Entity.create("content1"). It doesn't affect the encrypted content, but the verification tag. And it prevents encrypted-content swapping by an attacker.