paragonie / halite

High-level cryptography interface powered by libsodium
https://paragonie.com/project/halite
Mozilla Public License 2.0

password protected secretKey? And: change password without changing publicKey? #169

Closed wivaku closed 3 years ago

wivaku commented 3 years ago

For my keypair, I would like to password-protect my secretKey, similar to openssl_pkey_export. This is so that I need both the secretKey and the correct password to decrypt a message.

Additionally, I would like to be able to change the password for that secretKey without changing the publicKey.

Can this be done?

paragonie-security commented 3 years ago

There are two ways to get what you want.

The Derivation Way

https://github.com/paragonie/halite/blob/master/doc/Classes/KeyFactory.md#deriveencryptionkeypair

With the current edition of Halite, you can derive a given keypair from a password and salt.

Alternative

  1. Derive a symmetric key from a username and password: https://github.com/paragonie/halite/blob/master/doc/Classes/KeyFactory.md#deriveencryptionkey
  2. Use the symmetric key to encrypt your secretKey.

There is no concept of a password-protected (but not derived) key in Halite 4.
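The "Alternative" steps above, sketched as an added example (not part of the thread and not Halite's own code): the secret key is encrypted under a password-derived symmetric key, so changing the password only re-wraps the same secret key and the public key stays the same. The helper names `wrapSecretKey`, `unwrapSecretKey` and `changePassword`, the stored array layout and the passwords are hypothetical; a random per-wrap salt is used as the salt argument, and the code assumes Halite 4.5 or later installed via Composer, where `HiddenString` lives in the `ParagonIE\HiddenString` namespace.

```php
<?php
declare(strict_types=1);
require 'vendor/autoload.php';

use ParagonIE\Halite\KeyFactory;
use ParagonIE\Halite\Asymmetric\Crypto as Asymmetric;
use ParagonIE\Halite\Asymmetric\EncryptionSecretKey;
use ParagonIE\Halite\Symmetric\Crypto as Symmetric;
use ParagonIE\HiddenString\HiddenString;

// Hypothetical helper: encrypt the raw secret key under a password-derived key.
function wrapSecretKey(EncryptionSecretKey $sk, HiddenString $password): array
{
    // Fresh 16-byte salt per wrap; it is not secret and is stored with the blob.
    $salt = random_bytes(SODIUM_CRYPTO_PWHASH_SALTBYTES);
    $kek  = KeyFactory::deriveEncryptionKey($password, $salt);
    $blob = Symmetric::encrypt(new HiddenString($sk->getRawKeyMaterial()), $kek);
    return ['salt' => bin2hex($salt), 'wrapped' => $blob];
}

// Hypothetical helper: recover the secret key. Decryption is authenticated,
// so a wrong password makes decrypt() throw instead of returning garbage.
function unwrapSecretKey(array $stored, HiddenString $password): EncryptionSecretKey
{
    $kek = KeyFactory::deriveEncryptionKey($password, hex2bin($stored['salt']));
    return new EncryptionSecretKey(Symmetric::decrypt($stored['wrapped'], $kek));
}

// Changing the password re-wraps the same secret key; the keypair is untouched.
function changePassword(array $stored, HiddenString $old, HiddenString $new): array
{
    return wrapSecretKey(unwrapSecretKey($stored, $old), $new);
}

// Constructed demo values.
$oldPw = new HiddenString('constructed old passphrase');
$newPw = new HiddenString('constructed new passphrase');

$pair   = KeyFactory::generateEncryptionKeyPair();
$public = $pair->getPublicKey();            // published once, never changes
$stored = wrapSecretKey($pair->getSecretKey(), $oldPw);

// A message sealed to the public key before the password change...
$sealed = Asymmetric::seal(new HiddenString('constructed message'), $public);

$stored = changePassword($stored, $oldPw, $newPw);

// ...still opens with the secret key unwrapped using the new password.
$sk = unwrapSecretKey($stored, $newPw);
var_dump(Asymmetric::unseal($sealed, $sk)->getString() === 'constructed message');
```

Only the `salt` and `wrapped` values need to be persisted; anyone holding them still needs the password to recover the secret key.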

wivaku commented 3 years ago

The Derivation Way is a good workaround. That will do the trick, thanks.