Multiparty encryption about scytale HOT 8 OPEN

Hi Jan,

If I understand it correctly, you will need to have all public RSA keys and AES key. Then you can encrypt file with AES, for each recipient you will need to encrypt AES with his public RSA. After this you can send encrypted file and encrypted AES key.

Recipient will just store RSA key pair, and wait for encrypted file and encrypted AES. As soon as he receives them, he will decrypt AES key and use it for decryption of file.

Sounds as it is possible to implement. In my answer above I've already pointed some steps for AES key encryption, hope it can help you. Try to ask about it on http://stackoverflow.com/ as well.

Regards,
Yakiv

from scytale.

First of all you need to convert AES key into a string, so later you will be able to encrypt it with RSA. http://stackoverflow.com/questions/5355466/converting-secret-key-into-a-string-and-vice-versa

SecretKey secretKey;
String stringKey;

try {secretKey = KeyGenerator.getInstance("AES").generateKey();}
catch (NoSuchAlgorithmException e) {/* LOG YOUR EXCEPTION */}

if (secretKey != null) {stringKey = Base64.encodeToString(secretKey.getEncoded(), Base64.DEFAULT)}

If your public RSA key is inside of apk (in assets maybe) you will need to read it like this - http://stackoverflow.com/questions/11410770/load-rsa-public-key-from-file.

Then you can use that RSA key to encrypt a AES key text with Crypto#String encrypt(@NonNull String data, @NonNull Key key, boolean useInitialisationVectors).

// create a string from AES Secret Key
String aesKey;

// read Public Key from file
PublicKey publicKey;

//Encrypt AES key with public RSA key
Crypto crypto = new Crypto(TRANSFORMATION_ASYMMETRIC);
String encryptedAESKey = crypto.encrypt(aesKey, publicKey, false);

Unfortunately in current versionCrypto has no function to encrypt/decrypt whole file, instead you can open a file, read it line by line, encrypt each line, and save encrypted line to another file.

from scytale.

from scytale.

OK, thanks a lot. I understand what you mean. But I think one could also (like in PGP or CMS) encrypt the same message with many public keys at once and then send the same blob to the different recipients. Then every one of the recipients should be able decrypt the blob with their private key. Theres a description here: https://tools.ietf.org/html/rfc5652#section-6

from scytale.

Don't know how to implement this using JCA, but sounds better then choosing key for specific recipient. Maybe you can find some info here https://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/CryptoSpec.html#Cipher. I will also try to search on weekend, will ping you if I found something.

Cheers,
Yakiv

from scytale.

You can also check this http://stackoverflow.com/questions/19491536/data-encryption-decryption-with-two-or-more-possible-keys-in-java and this http://flylib.com/books/en/1.274.1.29/1/ posts

from scytale.

Few more materials for this topic:

• http://stackoverflow.com/questions/16586627/should-i-use-cipher-wrap-mode-or-cipher-encrypt-mode-to-encrypt-a-session-key
• http://www.itcsolutions.eu/2011/08/24/how-to-encrypt-decrypt-files-in-java-with-aes-in-cbc-mode-using-bouncy-castle-api-and-netbeans-or-eclipse/

@CtrlShiftTab , btw if you look at the description you sent above more carefully, you will notice that they are talking about about the same thing that I was. They are not using multiple keys at once, but uses specific key from specific user:

The content-encryption key is encrypted for each recipient. The details of this encryption depend on the key management algorithm used, but four general techniques are supported:

key transport: the content-encryption key is encrypted in the recipient's public key;

Please correct me if I'm wrong about it. Also I'm planning to add the possibilities to encrypt / decrypt blobs, input streams, files and wrap / unwrap keys to scytale.

from scytale.

from scytale.