Multiparty encryption

Question

Multiparty encryption

CtrlShiftTab opened this issue 7 years ago · comments

Not so much an issue as a feature query, hope this is ok. Would it be possible to perform multiparty encryption/decryption i.e. encrypt a file with AES shared key and encrypt this key with multiple public RSA keys?

Like in openssl, please find example below.

openssl smime -encrypt -aes256 -in secrets.txt -out secrets.txt.enc -outform PEM bob.pub alice.pub frank.pub carol.pub

The recipients could just use their private keys to decrypt like maybe:

openssl smime -decrypt -in secrets.txt.enc -inform PEM -inkey alice.key

Any hints very much appreciated! thanks

Yakiv Mospan · Answer 1 · Thu Mar 16 2017 15:54:35 GMT+0800 (China Standard Time)

First of all you need to convert AES key into a string, so later you will be able to encrypt it with RSA. http://stackoverflow.com/questions/5355466/converting-secret-key-into-a-string-and-vice-versa

SecretKey secretKey;
String stringKey;

try {secretKey = KeyGenerator.getInstance("AES").generateKey();}
catch (NoSuchAlgorithmException e) {/* LOG YOUR EXCEPTION */}

if (secretKey != null) {stringKey = Base64.encodeToString(secretKey.getEncoded(), Base64.DEFAULT)}

If your public RSA key is inside of apk (in assets maybe) you will need to read it like this - http://stackoverflow.com/questions/11410770/load-rsa-public-key-from-file.

Then you can use that RSA key to encrypt a AES key text with Crypto#String encrypt(@NonNull String data, @NonNull Key key, boolean useInitialisationVectors).

// create a string from AES Secret Key
String aesKey;

// read Public Key from file
PublicKey publicKey;

//Encrypt AES key with public RSA key
Crypto crypto = new Crypto(TRANSFORMATION_ASYMMETRIC);
String encryptedAESKey = crypto.encrypt(aesKey, publicKey, false);

Unfortunately in current versionCrypto has no function to encrypt/decrypt whole file, instead you can open a file, read it line by line, encrypt each line, and save encrypted line to another file.

CtrlShiftTab · Answer 2 · Thu Mar 16 2017 18:28:51 GMT+0800 (China Standard Time)

Hey, tnx for answer! But don't know if you have an answer to my main question: Would it be possible to perform multiparty encryption/decryption i.e. encrypt a file with AES shared key and encrypt this key with multiple public RSA keys? Like in openssl, please find example below. openssl smime -encrypt -aes256 -in secrets.txt -out secrets.txt.enc -outform PEM bob.pub alice.pub The recipients could just use their private keys to decrypt like maybe: openssl smime -decrypt -in secrets.txt.enc -inform PEM -inkey alice.key Any ideas? Is this outside the scope of scytale best Jan

…

On 3/16/2017 2:54 PM, Yakiv Mospan wrote: First of all you need to convert |AES| key into a string, so later you will be able to encrypt it with |RSA|. http://stackoverflow.com/questions/5355466/converting-secret-key-into-a-string-and-vice-versa SecretKey secretKey; String stringKey; try {secretKey = KeyGenerator.getInstance("AES").generateKey();} catch (NoSuchAlgorithmException e) {/* LOG YOUR EXCEPTION */} if (secretKey != null) {stringKey = Base64.encodeToString(secretKey.getEncoded(), Base64.DEFAULT)} If your public |RSA| key is inside of |apk| (in assets maybe) you will need to read it like this - http://stackoverflow.com/questions/11410770/load-rsa-public-key-from-file. Then you can use that |RSA| key to encrypt a |AES| key text with |Crypto#String ***@***.*** String data, @nonnull Key key, boolean useInitialisationVectors)| <https://github.com/yakivmospan/scytale/blob/master/library/src/main/java/com/yakivmospan/scytale/Crypto.java#L90>. // create a string from AES Secret Key String aesKey; // read Public Key from file PublicKey publicKey; //Encrypt AES key with public RSA key Crypto crypto = new Crypto(TRANSFORMATION_ASYMMETRIC); String encryptedAESKey = crypto.encrypt(aesKey, publicKey, false); Unfortunately in current version|Crypto| has no function to encrypt/decrypt whole file, instead you can open a file, read it line by line, encrypt each line, and save encrypted line to another file. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#4 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AOaV0EN0LWiVQrEoxDUiTayoUcMcgs0qks5rmOq8gaJpZM4Me52m>.

Yakiv Mospan · Answer 3 · Thu Mar 16 2017 19:39:07 GMT+0800 (China Standard Time)

Hi Jan,

If I understand it correctly, you will need to have all public RSA keys and AES key. Then you can encrypt file with AES, for each recipient you will need to encrypt AES with his public RSA. After this you can send encrypted file and encrypted AES key.

Recipient will just store RSA key pair, and wait for encrypted file and encrypted AES. As soon as he receives them, he will decrypt AES key and use it for decryption of file.

Sounds as it is possible to implement. In my answer above I've already pointed some steps for AES key encryption, hope it can help you. Try to ask about it on http://stackoverflow.com/ as well.

Regards,
Yakiv

CtrlShiftTab · Answer 4 · Thu Mar 16 2017 20:12:35 GMT+0800 (China Standard Time)

OK, thanks a lot. I understand what you mean. But I think one could also (like in PGP or CMS) encrypt the same message with many public keys at once and then send the same blob to the different recipients. Then every one of the recipients should be able decrypt the blob with their private key. Theres a description here: https://tools.ietf.org/html/rfc5652#section-6

Yakiv Mospan · Answer 5 · Thu Mar 16 2017 22:28:11 GMT+0800 (China Standard Time)

Don't know how to implement this using JCA, but sounds better then choosing key for specific recipient. Maybe you can find some info here https://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/CryptoSpec.html#Cipher. I will also try to search on weekend, will ping you if I found something.

Cheers,
Yakiv

Yakiv Mospan · Answer 6 · Thu Mar 16 2017 22:39:42 GMT+0800 (China Standard Time)

You can also check this http://stackoverflow.com/questions/19491536/data-encryption-decryption-with-two-or-more-possible-keys-in-java and this http://flylib.com/books/en/1.274.1.29/1/ posts

Yakiv Mospan · Answer 7 · Tue Mar 21 2017 05:52:18 GMT+0800 (China Standard Time)

Few more materials for this topic:

@CtrlShiftTab , btw if you look at the description you sent above more carefully, you will notice that they are talking about about the same thing that I was. They are not using multiple keys at once, but uses specific key from specific user:

The content-encryption key is encrypted for each recipient. The details of this encryption depend on the key management algorithm used, but four general techniques are supported:

key transport: the content-encryption key is encrypted in the recipient's public key;

Please correct me if I'm wrong about it. Also I'm planning to add the possibilities to encrypt / decrypt blobs, input streams, files and wrap / unwrap keys to scytale.

CtrlShiftTab · Answer 8 · Tue Mar 21 2017 15:12:30 GMT+0800 (China Standard Time)

I think found a good description of the implementation here: https://tools.ietf.org/html/rfc4880#section-5.1 This also confirms what you mentioned regarding https://tools.ietf.org/html/rfc5652#section-6. Thanks for clearing this up. Looking forward to further enhancements of your code.