How to do 1-of-X or Y-of-X public key based encrypt/decrypt in NodeJs?

I would like to be able to encrypt data using public keys, and decrypt the encrypted data using private keys.

Encryption essentially needs to accept inputs:

How can this be done in NodeJs?

By way of concrete scenarios, where there are 5 users (A - E) with crypto key pairs in the system.
A 1-of-X scenario:

encrypted = crypto_encrypt(clearText, [A.publicKey, B.publicKey], 1)   (1-of-2)
decrypted = crypto_decrypt(encrypted, [A.privateKey])
decrypted === clearText   (A.publicKey was used in encryption)
decrypted = crypto_decrypt(encrypted, [C.privateKey])
(C.publicKey was not used in encryption)

A Y-of-X scenario:

encrypted = crypto_encrypt(clearText, [A.publicKey, B.publicKey, C.publicKey], 2)   (2-of-3)
decrypted = crypto_decrypt(encrypted, [A.privateKey, C.privateKey])
decrypted === clearText   (A.publicKey and C.publicKey were both used in encryption)
decrypted = crypto_decrypt(encrypted, [C.privateKey, E.privateKey])
(C.publicKey was used in encryption, E.publicKey was not)
PGP can do this.

Specifically for node, openpgpjs has a section in the README - https://github.com/openpgpjs/openpgpjs#encrypt-and-decrypt-string-data-with-pgp-keys - which could be condensed into:
const encryptedText = await openpgp.encrypt({ message: clearText, publicKeys });
const decryptedText = await openpgp.decrypt({ message: encryptedText, privateKeys });
However:

As noted by Luke Joshua Park in the comments, this sounds like a textbook use case for a secret sharing scheme. Specifically, I would recommend that you:

Disclaimer: I have not reviewed the security or correctness of any of the APIs or libraries linked above. The cryptographic techniques they claim to use appear to be sound and suitable for this task, but I cannot guarantee that they have been implemented safely and correctly. Caveat emptor.

To decrypt the data, each user can first decrypt their share of the AES key using their private key, and a sufficient number of the decrypted shares can then be combined (using the same implementation of Shamir's secret sharing as used to create them) to reconstruct the original AES key, which can then be used to decrypt (and verify the integrity of) the data.

Note that Shamir's secret sharing implicitly assumes that the users who combine their shares to reconstruct the secret will trust each other and not lie about their shares or otherwise misbehave. If that's not necessarily true, there are various ways for a malicious user to trick the others — perhaps most simply by waiting for everyone else to reveal their share to them and then refusing to reveal their own share to the others. In general, preventing such attacks is all but impossible without the help of some kind of a mutually trusted party.

At the very least, though, using an encryption mode like AES-SIV with built-in authentication should ensure that users will detect if the reconstructed AES key is incorrect, since the decryption will then fail. If you want to be extra sure of this, you may wish to also send each of the users a secure cryptographic hash (e.g. SHA-512) of the AES key, so that they can verify its correctness before attempting decryption.