I would like to ship my app to my client with my own public key. This key will be used when my clients need to export IP data from my app for debugging purposes. This data needs to only be readable by myself. Suppose that clients can not read my code and can not access my app's memory but would be able to identify my public key inside the app and maybe replace it with theirs thus making the exports readable by them. What options do I have to ensure that my public key is actually a pair for my own private key before commencing the export?
If we assume the OP's threat model, specifically that the attacker is not debugging the app and/or somehow messing with the process' memory in run time, the app should validate the public key before performing encryption, wherever the public key might come from.
In the order of diminishing strength:
digital signature from a public certificate authority (it will be paid), rely on system trusted roots
digital signature with another private key that the OP possesses (hard-code the public key in the app)
HMAC of a public key with a hard-coded secret
hash of a public key
In case of RSA keys, the modulus pretty much identifies the public key. The public exponent in most vendor implementations of RSA that I'm familiar with is hard-coded to 65537 anyway.
Related
Is there a cryptographic mechanism or algorithm to verify if the other party has a valid private
key without being able to decrypt the messages encoded with that private key?
For example with asymmetric encryption private key can decrypt messages encrypted with public key and vice versa public key can decrypt messages encrypted with private key - as I understand this is how usually digital signing works.
This mechanism doesn't work for me as on the server side I don't want to be able to decrypt messages encrypted with the private key... I just want to verify 'in some way' if the client side has a correct private key that can potentially decrypt a 'certain (encrypted) file'.
Just wanted to throw this question here if somebody has come with solution/mechanism for this specific use case? Is that even mathematically possible to achieve?
For example with asymmetric encryption private key can decrypt messages encrypted with public key and vice versa public key can decrypt messages encrypted with private key - as I understand this is how usually digital signing works.
That is not quite correct. A public key's job is to encrypt a message that only a private key can decode.
so in your case, in the simplest implementation,
you create a key pair and give user your public key
user create a key pair and gives you their public keyy
you have a 'for-your-eyes-only' file which you encrypted using the user public key and placed on your server.
the user downloads the file and decodes it using user private key
your main security concerns are;
how you create and store your key pair, same for user
how you exchange the public key, how you/user verify each others public key
there are tons of great blogs on the net, they answer each concern and more in great depth.
Whenever any application(browser, thick client application) is requesting to generate an AES key, I would like to supply a static key to that application.
Is there any way to do this in Linux or windows?
There is not an universal way of generating AES keys that applications needs to adhere to.
Forcing a static key on an arbitrary application ought to be hard/impossible if the application is secure - and would be a case by case activity.
I am developing a windows desktop app where the clients applications need to download some data file from a public shared folder. in order to protect the data from tempering i would like to generate RSA private and public keys. keep the public key in my own machine at home and include the private key in all clients.
when i want to send a new file for the clients to download (at well) i hash the file and encrypt the hash with the public key and store it as .sig file alongside the data file in a public shared folder.
now if one of the client users is malicious he can steal the private key from his machine.
the question is : provided that the public key is secret and this is the only use of that key pair and i absolutely don't need any encryption on the data file. does stealing the private key from a client compromise my public key? i.e can the malicious user craft a file signature so that the data file appear to be coming from me?
I belive you've designed this backwards.You want to send the public key to the clients and keep the private to yourself. The public key is public; anyone should be able to know it. The private key is private; only the owner should know it.
Rather than hashing the file and encrypting the hash with the public key, you want to sign the file with your private key and let the clients use the public key to verify the signature. The signing operation performs the same idea as your "encrypt the hash" but is the standard construction, and your RSA tools likely include a signing function.
I have an use case where i need to send data to multiple counter parties but the parties need to be kept anonymous of each other . After the endorsements are collected back from the counter parties i need to commit the whole transaction. The atomicity of the whole transaction needs to be maintained.
What is the best way to achieve this with Flows.
For this, you need to use confidential identities. Confidential identities are represented in states by the AnonymousParty class:
class MyState(val party: AnonymousParty): ContractState {
override val participants = listOf<AnonymousParty>(party)
}
The difference between a Party and an AnonymousParty is that AnonymousParty identifies participants by public key only. As long as each transaction participant generates a new public key for the transaction, their identity, and therefore their involvement in the state, will be secret.
To create a transaction involving confidential identities, you must do the following:
One party who initiates the flow - let's call her Alice - must know the identity of all the counterparties (to know whom to gather signatures from)
Alice runs the SwapIdentitiesFlow with each counterparty to automate the creation of confidential identities for all the participants
Alice uses these confidential identities in building the transaction
Alice gathers signatures from all the counterparties
Alice finalises the transaction
Each party will end up with the transaction in their vault, but each party is only identified by an anonymous public key, so the involvement of each party is kept secret from their peers.
You can find docs about this API here: https://docs.corda.net/api-identity.html. You can find an example usage of confidential identities here: https://github.com/joeldudleyr3/whistleblower.
I was wondering if there is a free encryption library that implements group encryption with multiple private keys and a single public key.
I assume you mean for the single public key to be the signer.
OpenPGP can take care of that use case, and the GNU Privacy Guard (with its associated library) is a free implementation of OpenPGP. I've used a Python binding to gpgme, myself.
(As I understand it, this is implemented by encrypting a symmetric key with each of the recipients' public keys, so that any of the recipients' private keys may be used to decrypt the message.)