I am trying to organize a system of digital signature encryption and verification for my digital art being sold on a WordPress website, without having to use code for this whole process. I am attempting to make this process straightforward and accessible for the average person with no code skills, so we can all understand and verify our ownership in simple terms, hopefully. Is this possible?
Found this answer in a question similar to mine here:
“
1. Digest the file with a hashing algorithm like SHA-256. This creates a summary of a few bytes, the "hash".
2. Sign the hash using the RSA private key. This is called the "signature".
3. Send the file and the signature to a third party. They can verify the signature using the public key. If the signature matches, then you can ensure the identity of the sender of the message and that it has not been altered.
”
The first step is easy; there is plenty of software that we can download to produce this hash from a file, just like using code, it seems.
Now from the second step forward I am stuck. I am starting to understand the protocols now, but don’t know how to apply it… I’ve generated a private and public key using bitaddress.org, but wasn’t able to figure out a way to make the encryption and decryption of the hash sequence without having to use code.
Do you see an easy solution for this? Perhaps a piece of software people in my network could download? Any help at this point would be much appreciated.
Thank you for your time
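For readers who do want to see the three quoted steps in code, here is an added example (not part of the original post) using Node.js's built-in crypto module. The RSA key pairs and the artwork bytes are constructed for the demonstration, and signFile, verifyFile and demo are hypothetical names.

```javascript
const crypto = require('crypto');

// Steps 1 and 2: hash the file with SHA-256 and sign that hash with the RSA
// private key. crypto.sign() performs both in one call (PKCS#1 v1.5 padding).
function signFile(fileBytes, privateKey) {
  return {
    // Hex fingerprint a person can compare by eye; not used by verifyFile().
    sha256: crypto.createHash('sha256').update(fileBytes).digest('hex'),
    signature: crypto.sign('sha256', fileBytes, privateKey).toString('base64'),
  };
}

// Step 3: a third party holding only the public key checks file + signature.
function verifyFile(fileBytes, record, publicKey) {
  const sig = Buffer.from(record.signature, 'base64');
  return crypto.verify('sha256', fileBytes, publicKey, sig);
}

// Constructed sample data: keys and "artwork" exist only for this demo.
function demo() {
  const artist = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const other = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const art = Buffer.from('constructed sample: bytes of artwork.png');
  const record = signFile(art, artist.privateKey);
  const altered = Buffer.concat([art, Buffer.from('!')]);
  return {
    genuine: verifyFile(art, record, artist.publicKey),         // unmodified file
    alteredFile: verifyFile(altered, record, artist.publicKey), // one byte added
    wrongKey: verifyFile(art, record, other.publicKey),         // someone else's key
    digestLength: record.sha256.length,
  };
}
```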
Related
I would like to implement a secure signed token with some data for usage across multiple backend services.
Evaluating the possibilities, it looks like the Ring-Library is already one of my project dependencies due to a higher-level dependency (warp).
So I thought I could use ring for my purpose too, can I?
Unfortunately I was unable to find any up-to-date example of how to use ring to encrypt and decrypt data with a pre-shared key (or SSL-Certificate). All examples I found were outdated. And I was unable to use the documentation of ring to figure out the correct approach by myself.
Can anyone provide a very simple example of how to use ring in ^0.16 to encrypt and decrypt data with a pre-shared key and/or SSL-Certificate (generated by OpenSSL for example)?
Or do you rather think I should not use ring, but another library for my purpose?
I am currently trying to build a project (self-learning) which essentially is a website for sharing files (between two users). I want to encrypt a file (pdf) using ECIES (primary objective) and then send it to another user. My questions are:
How to encrypt a file at client-side?
How to send an encrypted file to a server (which language/library/technology)?
As my questions suggest, I am a beginner in web development.
As you're probably already aware, you won't get much use on a website like that as it's really difficult to prove you're not performing a MITM attack. That said, from a cryptography point of view the tech you should use/investigate is:
1. Ephemeral:ephemeral elliptic curve Diffie-Hellman, using a strong curve with fast, constant time scalar multiplication such as curve25519/x25519, deriving a shared secret which can be used (by hashing the x co-ordinate with a strong hash function such as SHA-256, SHA-3 or Blake2b).
2. Using the key agreed in step one, encrypt with a strong authenticated symmetric cipher such as ChaCha20-Poly1305.
There are tonnes and tonnes of options. Perhaps if you wanted to try being decentralised, the website could help route users to each other's public keys on IPFS.
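The two steps in the answer above, as an added example that is not part of the original answer: X25519 key agreement, SHA-256 over the shared secret, then ChaCha20-Poly1305, using Node.js's built-in crypto module. The function names and the sample PDF bytes are constructed for illustration.

```javascript
const crypto = require('crypto');

// Each side makes a fresh (ephemeral) X25519 key pair for this one transfer.
function newEphemeralKeyPair() {
  return crypto.generateKeyPairSync('x25519');
}

// ECDH, then hash the raw shared secret with SHA-256 to get a 32-byte key.
function deriveKey(myPrivateKey, theirPublicKey) {
  const shared = crypto.diffieHellman({ privateKey: myPrivateKey, publicKey: theirPublicKey });
  return crypto.createHash('sha256').update(shared).digest();
}

// ChaCha20-Poly1305 with a random 12-byte nonce and a 16-byte tag.
function encryptFile(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('chacha20-poly1305', key, nonce, { authTagLength: 16 });
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { nonce, ciphertext, tag: cipher.getAuthTag() };
}

// Throws if the ciphertext, nonce or tag was modified after encryption.
function decryptFile(key, { nonce, ciphertext, tag }) {
  const decipher = crypto.createDecipheriv('chacha20-poly1305', key, nonce, { authTagLength: 16 });
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]);
}

// Constructed sample: the two users exchange only public keys. The keys are
// not authenticated here, which is the MITM concern the answer raises.
function demo() {
  const sender = newEphemeralKeyPair();
  const receiver = newEphemeralKeyPair();
  const pdf = Buffer.from('%PDF-1.7 constructed sample bytes');
  const box = encryptFile(deriveKey(sender.privateKey, receiver.publicKey), pdf);
  const receiverKey = deriveKey(receiver.privateKey, sender.publicKey);
  const roundTrip = decryptFile(receiverKey, box).equals(pdf);
  box.ciphertext[0] ^= 1; // flip one bit, as a relay that modified the upload would
  let tamperRejected = false;
  try { decryptFile(receiverKey, box); } catch (e) { tamperRejected = true; }
  return { roundTrip, tamperRejected };
}
```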
We have a project with a PWA where we want to implement client-side encryption. We wanted to use WebAuthn as a second factor in combination with passwords. In the background we use a randomly generated key to encrypt/decrypt the database, which is stored symmetrically encrypted with the password on the server. However I am struggling to find a good way to add encryption to this key with WebAuthn. My tries so far:
Using raw JS samples from https://webauthn.guite, however I cannot find a part which is always the same and could be used for symmetric encryption/decryption, even the public key changes when logging in with the same USB token multiple times (???)
Using fido2-lib from npm: I couldn't get the sample to work, since the sample is not well documented and pretty long
Using server-side authentication like spring webauthn, however I do not want the server to know anything about the client.
Any suggestions how I could implement encryption with WebAuthn?
The protocol as it stands does not provide generic public key crypto services as far as I am aware. The best you can do is prove that a user is in possession of the private key related to the public key you hold.
You can learn from the following GitHub repo; it has many WebAuthn out-of-the-box examples (see the tech it supports inside).
Here are some samples I found on GitHub: https://github.com/OwnID/samples
In addition, I read about FIDO, WebAuthn and passkeys at passkeys.com
Everything about this cool tech is there
Years after this question, the hmac-secret extension has arrived.
This extension binds a secret to a WebAuthn credential. This secret can be used to decrypt or encrypt data on the client side.
Another approach could be the use of the largeBlob to store a secret generated during the creation ceremony.
Note that the availability of those extensions depends on the authenticator that is used and may fail.
The FAQ recommends I don't do local verification of BrowserID (Persona) security assertions, however I've never been good at following instructions.
So... I want to implement local verification anyway. It looks like the only thing the client libraries pass to the server side is a block of encrypted stuff called an "assertion". Presumably it is encrypted or signed using some public key encryption scheme, but I'm having trouble finding any details.
Can anyone explain it, or point me to the details?
The spec is currently not up to date with the latest data format changes, but this Python library has the ability to verify Persona assertions by itself (i.e. not using verifier.login.persona.org):
http://pypi.python.org/pypi/PyBrowserID
I want to follow up on the questions posted here:
Encryption with multiple different keys?
I've implemented the GnuPG solution for a web app I built but I fell into scalability issues pretty quickly and I have to admit I have been a bit stuck. Basically, it is true that you can encrypt a file with multiple public keys so all those people can decrypt the file. Great. But now imagine you share this file with 100 people, how do you do that?
The first limit I've encountered is the command line limit, where I cannot put 100 public keys in one line.
The second limit is that every time I want to add a new person or revoke access to someone, I have to re-encrypt with the 101 or 99 keys, which is very time & CPU consuming.
The third limit is even worse: let's say I'm sharing a folder, every new person getting access to the folder requires the re-encryption with ALL people of each file of the folder.
All this seems very dirty/hacky. Would anyone have a better solution?
Thanks
Create a random AES secret key per folder, and use that to encrypt the files, e.g. using AES EAX. Then encrypt this key using the public keys of the persons you want to give access to. If you add a person later on, decrypt with an "admin" private key, and simply encrypt the secret key with the public key. You can use a hash (e.g. SHA-256) over the filename as the initial counter for the EAX cipher.
As for command line tools, you are better off programming this stuff (using GnuPG itself for C/C++ and related and Bouncy Castle for Java apps, for instance).
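The per-folder key scheme from the answer above, as an added example that is not the answerer's code, using Node.js's built-in crypto module. It departs from the answer in two labelled ways: AES-256-GCM stands in for EAX (which Node's crypto does not offer), and each file gets a random nonce with the filename bound as associated data instead of a filename-derived counter. The wrapping uses RSA-OAEP; all names and keys are constructed for the demonstration.

```javascript
const crypto = require('crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Encrypt ("wrap") the folder key to one person's RSA public key.
function wrapKey(folderKey, publicKey) {
  return crypto.publicEncrypt({ key: publicKey, ...OAEP }, folderKey);
}
function unwrapKey(wrapped, privateKey) {
  return crypto.privateDecrypt({ key: privateKey, ...OAEP }, wrapped);
}

// Encrypt one file under the folder key (AES-256-GCM standing in for EAX).
function sealFile(folderKey, name, data) {
  const nonce = crypto.randomBytes(12); // random per file, stored with it
  const c = crypto.createCipheriv('aes-256-gcm', folderKey, nonce);
  c.setAAD(Buffer.from(name)); // ties the ciphertext to its filename
  const body = Buffer.concat([c.update(data), c.final()]);
  return { name, nonce, body, tag: c.getAuthTag() };
}
function openFile(folderKey, f) {
  const d = crypto.createDecipheriv('aes-256-gcm', folderKey, f.nonce);
  d.setAAD(Buffer.from(f.name));
  d.setAuthTag(f.tag);
  return Buffer.concat([d.update(f.body), d.final()]);
}

// Constructed sample: one folder, one file, access granted to bob afterwards.
function demo() {
  const mk = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const admin = mk(), alice = mk(), bob = mk();
  const folderKey = crypto.randomBytes(32);
  const file = sealFile(folderKey, 'report.pdf', Buffer.from('constructed sample'));
  const wrapped = {
    admin: wrapKey(folderKey, admin.publicKey),
    alice: wrapKey(folderKey, alice.publicKey),
  };
  // Adding bob: unwrap with the admin private key, wrap to bob's public key.
  // The encrypted file itself is not touched.
  wrapped.bob = wrapKey(unwrapKey(wrapped.admin, admin.privateKey), bob.publicKey);
  const bobReads = openFile(unwrapKey(wrapped.bob, bob.privateKey), file).toString();
  return { bobReads, wrappedCount: Object.keys(wrapped).length };
}
```

Deleting someone's wrapped copy does not take back a folder key they have already unwrapped, so removing access for real means generating a new folder key and re-encrypting the files.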