Comments (1)
ColtonProvias
commented on August 20, 2024
The method that you usually do multi-recipient encryption is through key agreement and key wrapping. All users end up using the same content encryption key and thus you only do the main encryption once.
Given an arbitrary amount of data and a set of public keys corresponding to the recipients:
- Generate a symmetric content encryption key (CEK) to perform AES with.
- Encrypt the data with your desired mode of AES.
Then for each recipient:
- Generate an ephemeral private/public key pair.
- Use the ephemeral private key and the recipient's public key to derive a key encryption key.
- Wrap the content encryption key with the key encryption key that you derived.
- Create a hash or something that contains the wrapped key and the ephemeral public key.
You then send the encrypted message with the wrapped keys and ephemeral public keys to all recipients. Each recipient tries every wrapped key/ephemeral public key pair doing key derivation and attempting decryption until successful.
In some of my projects, I implement exactly this. The encryption algorithm I use is AES-256-GCM. For PKI recipients, they are using ECDH keys, so an ephemeral ECDH key is generated for each, ECDH is performed, and the result of that is passed through SHA-256 before being used as the KEK to wrap the CEK via AES-256-KW. In some cases, the recipient is the originating user, in which case their credentials are used to derive a key via a key derivation function (currently either scrypt, pbkdf2, or Argon2id) and that is the KEK used to wrap the CEK via AES-256-KW.
from webcrypto-examples.
Related Issues (20)
- How to import base64 encoded key? HOT 1
- RSA-OAEP wrapKey/unwrapKey HOT 1
- Describe each encryption a litle bit HOT 1
- Deterministic generation of key pair from seed HOT 2
- How to recover public key with ECDSA?
- Source of Recommended/Discouraged algorithms HOT 3
- verbose mode
- Just thank you
- importKey RSA-OAEP with SHA-1 not working on safari 11
- HKDF-CTR replaced by HKDF
- how to use the ECDH or DH keys in transing?
- window.crypto.subtle.importKey not working for me when i hosted my web app on Server (IIS or NodeJs)
- ECDH deriveKey example should use HKDF
- Why are RSA APIs marked as "not recommended"?
- Unable to encrypt the bulk data in webcrypto
- Low rounds of PBKDF2
- False negative for PBKDF2+deriveKey
- Use key pair to encrypt / decrypt and sign / verify?
- Issue in decryption crypto.subtle encrypted text using RSACryptoServiceProvider
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from webcrypto-examples.