I have a scenario in which there are three parties: one user,one content provider and a proxy. The data is to be transferred between user and content provider anonymously though the proxy. I have two questions.
1. If the user has a pseudonym based on its public key, can it apply for another public key?
2. For data confidentiality between user and content provider such that proxy cannot read the transferred contents, Diffie-Hellman key exchange can be used. But can I use the public key obtained in part 1 to get the encrypted data between user and content provider?
Best Regards
Alexandera
Diffie-Hellman is a method for establishing a shared secret between two entities.
So, that's a part of secret key cryptography.
No number of public keys, unless you manage to generate the current shared secret, will get you the information shared between two parties using secret key crypto. A public key should be matched to, and used with, a private key. That's public key cryptography.
For part 1, I guess I don't understand what you want to do with the public key other than generate a pseudonym with it, I don't see why not.
Maybe I'm misunderstanding your question but I believe the answer for part 2 is no.
Related
What is the difference between full Access Key and Private Keys?
The explanation here is quite limited. It would be great to know
The Difference
Examples when you would use which kind of key
Here is the link to the docs https://docs.near.org/docs/roles/integrator/integrating#access-keys
Comparing private keys to full access keys is like comparing apple to oranges. When we talk about an access key, regardless of its permissions, we usually talk about a public-private key pair. The public key of the key pair is added to the account state that is stored on chain while the private key is stored on some local device that can be used to sign transactions through some client.
It's somewhat of a misnomer situation.
There are 2 types of keys in Near:
Full Access Key
Limited Access Key or Function Call Access Key
Every key "pair" has a public and private part. These are often also called keys on their own i.e. my "public/private key." Keys are just data and usual looks like some random bytes. In near we use base58 encoding for string representations of these parts.
A private key is sometimes also called a secret key.
I have a collection which has several array of objects. In one of the sub-objects there is a field called secret which has to be stored in encrypted format, the field is of type String.
What is the best way of achieving?
I don't think writing a custom writer for the entire document is feasible.
How to write a String convertor that will be only applied for this single field?
There are many answers to this questions and different approaches that depend on your actual requirements.
The first question that you want to ask is, whether MongoDB is a good place to store encrypted values at all or whether there is a better option that gives you features like rewrapping (re-encrypt), key rotation, audit logging, access control, key management, …
Another thing that comes into play is decryption: Every time you retrieve data from MongoDB, the secret is decrypted. Also, encrypting a lot of entries with the same key allows facilitates cryptanalysis so you need to ensure regular key rotation. Least, but not last, you're in charge of storing the crypto keys securely and making sure it's hard to get hold of these.
Having a dedicated data type makes it very convenient writing a with a signature of e.g. Converter<Secret, String> or Converter<Secret, Binary> as you get full control over serialization.
Alternatively, have a look at https://github.com/bolcom/spring-data-mongodb-encrypt or external crypto tools like HashiCorp Vault.
In Google reCaptcha, why two different key used e.g. Private Key and Public Key
My question is - What is the specific purpose for each keys ?
I know this is a relatively old question, but in the hope that it can still help you or someone else in the future..
Recapcha uses the standard public/private key cryptography implementation. To quote the link (Wikipedia)
..two separate keys, one of which is secret (or private) and one of
which is public. Although different, the two parts of this key pair
are mathematically linked. The public key is used to encrypt plaintext
or to verify a digital signature; whereas the private key is used to
decrypt ciphertext or to create a digital signature.
I am working on an ASP.Net MVC 3 project where I would like to encrypt all emails stored in a database for additional protection in case some hacker would ever get access to the db, and I was wondering what was the best way to achieve this.
I read a bit about custom model binders, but this is for the binding between the controller and the view. I am not sure if this is what I want, since I may need to have access to unencrypted email addresses in the code (in the Service Layer, where I have the Business Rules). So I would have preferred the encryption/decryption to occur automatically when the model is saved to/loaded from the database, and this is what I don't know how to do.
We can imagine that I have this POCO model:
public partial class Contact
{
public virtual int ContactId { get; set; }
public virtual string Name { get; set; }
public virtual string Email { get; set; }
}
What I need is a way to have the Email property encrypted when it is persisted to the database and decrypted when it is loaded from the database.
One way to do it would be to have an extra UnencryptedEmail property in my Contact model that would have a getter and a setter that would decrypt and encrypt the Email property, but I find that having to add an extra property is not as clean a solution.
If, for some reason, using a custom IModelBinder is the way to go, please let me know why and tell me how to get it to be applied only on the Email property of the Contact model. Up to now, I have only seen implementations for applying transformations on all properties of a specific data type.
Consider using the Model View approach instead of directly binding to models and displaying them in the Views.
As for encryption and decryption there are tons of approaches you can employ.
I can see what you are looking for, instead of answering and explaining the whole stuff, I can point you to a related material which is not exactly what your requirement is but you can take a cue from it.
http://codefirstmembership.codeplex.com/
In the above code first membership provider code, the passwords are hashed and stored in database and for comparison the hashing is removed and then they are compared.
I understand it will be time consuming but its worth to take a look at.
I don't think the model binder is the right way to go. The encryption of an email sounds like a business requirement and as such I would place it in the business layer.
When storing the email, your business layer would get the plain email address as input from the application layer, encrypt it and pass the encrypted value to the repository.
When retrieving the email, your business layer would receive the email in an encrypted state from the repository, decrypt it and pass it back to the application layer.
Unless you require it, the application layer would not need to know about the encrypted version of the email as it only deals with the plain version of it. On the other end the repository would not need to know about the decrypted version of the email as it only needs to deal with the encrypted version of it. To that end the business layer does sound like the best place to handle this.
I've been looking through the documentation for Go's openpgp package, and I think I must be missing some obvious points. For example, there's a ReadKeyRing function, but no WriteKeyRing. I can, on the other hand, Serialize an Entity, but I have no way to read it back. What's going on here? Does anyone actually use this package?
An entity represents public+private GPG key information. The ReadKeyRing function allows you to read a list of GPG keys.
The Entity.Serialize function documentation states:
Serialize writes the public part of the given Entity to w. (No private key material will be output).
As it is only the public part of the entity, you can create a new entity with the serialized data as the public key.
A WriteKeyRing does indeed not exist. It would go through the list of entities and extract the public keys into an array.
I was also struggeling quite a lot with this - in the end I just learned it by example:
Encryption and Decryption example: https://gist.github.com/jyap808/8250124
Decryption Example: https://gist.github.com/jyap808/8250067
The thinking behind this is not made for a user, but seems to come strongly out of the actual way pgp is technically implemented.
I would suggest to generate the keys not via the package but just with a pgp command line tool.