search

yakivmospan / scytale

One tool to manage key generation, key storing and encryption on different APIs of Android.
432 stars 45 forks source link

Multiparty encryption #4

Open CtrlShiftTab opened 7 years ago

CtrlShiftTab commented 7 years ago

Not so much an issue as a feature query, hope this is ok. Would it be possible to perform multiparty encryption/decryption i.e. encrypt a file with AES shared key and encrypt this key with multiple public RSA keys?

Like in openssl, please find example below.

openssl smime -encrypt -aes256 -in secrets.txt -out secrets.txt.enc -outform PEM bob.pub alice.pub frank.pub carol.pub

The recipients could just use their private keys to decrypt like maybe:

openssl smime -decrypt -in secrets.txt.enc -inform PEM -inkey alice.key

Any hints very much appreciated! thanks

yakivmospan commented 7 years ago

First of all you need to convert AES key into a string, so later you will be able to encrypt it with RSA. http://stackoverflow.com/questions/5355466/converting-secret-key-into-a-string-and-vice-versa

SecretKey secretKey;
String stringKey;

try {secretKey = KeyGenerator.getInstance("AES").generateKey();}
catch (NoSuchAlgorithmException e) {/* LOG YOUR EXCEPTION */}

if (secretKey != null) {stringKey = Base64.encodeToString(secretKey.getEncoded(), Base64.DEFAULT)}

If your public RSA key is inside of apk (in assets maybe) you will need to read it like this - http://stackoverflow.com/questions/11410770/load-rsa-public-key-from-file.

Then you can use that RSA key to encrypt a AES key text with Crypto#String encrypt(@NonNull String data, @NonNull Key key, boolean useInitialisationVectors).


// create a string from AES Secret Key
String aesKey;

// read Public Key from file
PublicKey publicKey;

//Encrypt AES key with public RSA key
Crypto crypto = new Crypto(TRANSFORMATION_ASYMMETRIC);
String encryptedAESKey = crypto.encrypt(aesKey, publicKey, false);

Unfortunately in current versionCrypto has no function to encrypt/decrypt whole file, instead you can open a file, read it line by line, encrypt each line, and save encrypted line to another file.

CtrlShiftTab commented 7 years ago

Hey, tnx for answer! But don't know if you have an answer to my main question:

Would it be possible to perform multiparty encryption/decryption i.e. encrypt a file with AES shared key and encrypt this key with multiple public RSA keys?

Like in openssl, please find example below.

openssl smime -encrypt -aes256 -in secrets.txt -out secrets.txt.enc -outform PEM bob.pub alice.pub

The recipients could just use their private keys to decrypt like maybe:

openssl smime -decrypt -in secrets.txt.enc -inform PEM -inkey alice.key

Any ideas? Is this outside the scope of scytale

best

Jan

On 3/16/2017 2:54 PM, Yakiv Mospan wrote:

First of all you need to convert |AES| key into a string, so later you will be able to encrypt it with |RSA|. http://stackoverflow.com/questions/5355466/converting-secret-key-into-a-string-and-vice-versa

SecretKey secretKey; String stringKey;

try {secretKey = KeyGenerator.getInstance("AES").generateKey();} catch (NoSuchAlgorithmException e) {/ LOG YOUR EXCEPTION /}

if (secretKey != null) {stringKey = Base64.encodeToString(secretKey.getEncoded(), Base64.DEFAULT)}

If your public |RSA| key is inside of |apk| (in assets maybe) you will need to read it like this - http://stackoverflow.com/questions/11410770/load-rsa-public-key-from-file.

Then you can use that |RSA| key to encrypt a |AES| key text with |Crypto#String encrypt(@NonNull String data, @NonNull Key key, boolean useInitialisationVectors)| https://github.com/yakivmospan/scytale/blob/master/library/src/main/java/com/yakivmospan/scytale/Crypto.java#L90.

// create a string from AES Secret Key String aesKey;

// read Public Key from file PublicKey publicKey;

//Encrypt AES key with public RSA key Crypto crypto = new Crypto(TRANSFORMATION_ASYMMETRIC); String encryptedAESKey = crypto.encrypt(aesKey, publicKey, false);

Unfortunately in current version|Crypto| has no function to encrypt/decrypt whole file, instead you can open a file, read it line by line, encrypt each line, and save encrypted line to another file.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/yakivmospan/scytale/issues/4#issuecomment-286982796, or mute the thread https://github.com/notifications/unsubscribe-auth/AOaV0EN0LWiVQrEoxDUiTayoUcMcgs0qks5rmOq8gaJpZM4Me52m.

yakivmospan commented 7 years ago

Hi Jan,

If I understand it correctly, you will need to have all public RSA keys and AES key. Then you can encrypt file with AES, for each recipient you will need to encrypt AES with his public RSA. After this you can send encrypted file and encrypted AES key.

Recipient will just store RSA key pair, and wait for encrypted file and encrypted AES. As soon as he receives them, he will decrypt AES key and use it for decryption of file.

Sounds as it is possible to implement. In my answer above I've already pointed some steps for AES key encryption, hope it can help you. Try to ask about it on http://stackoverflow.com/ as well.

Regards, Yakiv

CtrlShiftTab commented 7 years ago

OK, thanks a lot. I understand what you mean. But I think one could also (like in PGP or CMS) encrypt the same message with many public keys at once and then send the same blob to the different recipients. Then every one of the recipients should be able decrypt the blob with their private key. Theres a description here: https://tools.ietf.org/html/rfc5652#section-6

yakivmospan commented 7 years ago

Don't know how to implement this using JCA, but sounds better then choosing key for specific recipient. Maybe you can find some info here https://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/CryptoSpec.html#Cipher. I will also try to search on weekend, will ping you if I found something.

Cheers, Yakiv

yakivmospan commented 7 years ago

You can also check this http://stackoverflow.com/questions/19491536/data-encryption-decryption-with-two-or-more-possible-keys-in-java and this http://flylib.com/books/en/1.274.1.29/1/ posts

yakivmospan commented 7 years ago

Few more materials for this topic:

@CtrlShiftTab , btw if you look at the description you sent above more carefully, you will notice that they are talking about about the same thing that I was. They are not using multiple keys at once, but uses specific key from specific user:

The content-encryption key is encrypted for each recipient. The details of this encryption depend on the key management algorithm used, but four general techniques are supported:

key transport: the content-encryption key is encrypted in the recipient's public key;

Please correct me if I'm wrong about it. Also I'm planning to add the possibilities to encrypt / decrypt blobs, input streams, files and wrap / unwrap keys to scytale.

CtrlShiftTab commented 7 years ago

I think found a good description of the implementation here:

https://tools.ietf.org/html/rfc4880#section-5.1

This also confirms what you mentioned regarding https://tools.ietf.org/html/rfc5652#section-6.

Thanks for clearing this up. Looking forward to further enhancements of your code.