Open CtrlShiftTab opened 7 years ago
First of all you need to convert AES
key into a string, so later you will be able to encrypt it with RSA
. http://stackoverflow.com/questions/5355466/converting-secret-key-into-a-string-and-vice-versa
SecretKey secretKey;
String stringKey;
try {secretKey = KeyGenerator.getInstance("AES").generateKey();}
catch (NoSuchAlgorithmException e) {/* LOG YOUR EXCEPTION */}
if (secretKey != null) {stringKey = Base64.encodeToString(secretKey.getEncoded(), Base64.DEFAULT)}
If your public RSA
key is inside of apk
(in assets maybe) you will need to read it like this - http://stackoverflow.com/questions/11410770/load-rsa-public-key-from-file.
Then you can use that RSA
key to encrypt a AES
key text with Crypto#String encrypt(@NonNull String data, @NonNull Key key, boolean useInitialisationVectors)
.
// create a string from AES Secret Key
String aesKey;
// read Public Key from file
PublicKey publicKey;
//Encrypt AES key with public RSA key
Crypto crypto = new Crypto(TRANSFORMATION_ASYMMETRIC);
String encryptedAESKey = crypto.encrypt(aesKey, publicKey, false);
Unfortunately in current versionCrypto
has no function to encrypt/decrypt whole file, instead you can open a file, read it line by line, encrypt each line, and save encrypted line to another file.
Hey, tnx for answer! But don't know if you have an answer to my main question:
Would it be possible to perform multiparty encryption/decryption i.e. encrypt a file with AES shared key and encrypt this key with multiple public RSA keys?
Like in openssl, please find example below.
openssl smime -encrypt -aes256 -in secrets.txt -out secrets.txt.enc -outform PEM bob.pub alice.pub
The recipients could just use their private keys to decrypt like maybe:
openssl smime -decrypt -in secrets.txt.enc -inform PEM -inkey alice.key
Any ideas? Is this outside the scope of scytale
best
Jan
On 3/16/2017 2:54 PM, Yakiv Mospan wrote:
First of all you need to convert |AES| key into a string, so later you will be able to encrypt it with |RSA|. http://stackoverflow.com/questions/5355466/converting-secret-key-into-a-string-and-vice-versa
SecretKey secretKey; String stringKey;
try {secretKey = KeyGenerator.getInstance("AES").generateKey();} catch (NoSuchAlgorithmException e) {/ LOG YOUR EXCEPTION /}
if (secretKey != null) {stringKey = Base64.encodeToString(secretKey.getEncoded(), Base64.DEFAULT)}
If your public |RSA| key is inside of |apk| (in assets maybe) you will need to read it like this - http://stackoverflow.com/questions/11410770/load-rsa-public-key-from-file.
Then you can use that |RSA| key to encrypt a |AES| key text with |Crypto#String encrypt(@NonNull String data, @NonNull Key key, boolean useInitialisationVectors)| https://github.com/yakivmospan/scytale/blob/master/library/src/main/java/com/yakivmospan/scytale/Crypto.java#L90.
// create a string from AES Secret Key String aesKey;
// read Public Key from file PublicKey publicKey;
//Encrypt AES key with public RSA key Crypto crypto = new Crypto(TRANSFORMATION_ASYMMETRIC); String encryptedAESKey = crypto.encrypt(aesKey, publicKey, false);
Unfortunately in current version|Crypto| has no function to encrypt/decrypt whole file, instead you can open a file, read it line by line, encrypt each line, and save encrypted line to another file.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/yakivmospan/scytale/issues/4#issuecomment-286982796, or mute the thread https://github.com/notifications/unsubscribe-auth/AOaV0EN0LWiVQrEoxDUiTayoUcMcgs0qks5rmOq8gaJpZM4Me52m.
Hi Jan,
If I understand it correctly, you will need to have all public RSA keys and AES key. Then you can encrypt file with AES, for each recipient you will need to encrypt AES with his public RSA. After this you can send encrypted file and encrypted AES key.
Recipient will just store RSA key pair, and wait for encrypted file and encrypted AES. As soon as he receives them, he will decrypt AES key and use it for decryption of file.
Sounds as it is possible to implement. In my answer above I've already pointed some steps for AES key encryption, hope it can help you. Try to ask about it on http://stackoverflow.com/ as well.
Regards, Yakiv
OK, thanks a lot. I understand what you mean. But I think one could also (like in PGP or CMS) encrypt the same message with many public keys at once and then send the same blob to the different recipients. Then every one of the recipients should be able decrypt the blob with their private key. Theres a description here: https://tools.ietf.org/html/rfc5652#section-6
Don't know how to implement this using JCA, but sounds better then choosing key for specific recipient. Maybe you can find some info here https://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/CryptoSpec.html#Cipher. I will also try to search on weekend, will ping you if I found something.
Cheers, Yakiv
You can also check this http://stackoverflow.com/questions/19491536/data-encryption-decryption-with-two-or-more-possible-keys-in-java and this http://flylib.com/books/en/1.274.1.29/1/ posts
Few more materials for this topic:
@CtrlShiftTab , btw if you look at the description you sent above more carefully, you will notice that they are talking about about the same thing that I was. They are not using multiple keys at once, but uses specific key from specific user:
The content-encryption key is encrypted for each recipient. The details of this encryption depend on the key management algorithm used, but four general techniques are supported:
key transport: the content-encryption key is encrypted in the recipient's public key;
Please correct me if I'm wrong about it. Also I'm planning to add the possibilities to encrypt / decrypt blobs, input streams, files and wrap / unwrap keys to scytale.
I think found a good description of the implementation here:
https://tools.ietf.org/html/rfc4880#section-5.1
This also confirms what you mentioned regarding https://tools.ietf.org/html/rfc5652#section-6.
Thanks for clearing this up. Looking forward to further enhancements of your code.
Not so much an issue as a feature query, hope this is ok. Would it be possible to perform multiparty encryption/decryption i.e. encrypt a file with AES shared key and encrypt this key with multiple public RSA keys?
Like in openssl, please find example below.
openssl smime -encrypt -aes256 -in secrets.txt -out secrets.txt.enc -outform PEM bob.pub alice.pub frank.pub carol.pub
The recipients could just use their private keys to decrypt like maybe:
openssl smime -decrypt -in secrets.txt.enc -inform PEM -inkey alice.key
Any hints very much appreciated! thanks