I have an external storage which I am wanting to store encrypted files.
Each file is AES encrypted with its own data key, and all of the data keys are saved into a single keys.json file at the same storage location as all of the encrypted files.
The keys.json file is AES encrypted using a main key.
The main key is encrypted using a users RSA public key.
When I want to share the files with another user I encrypt the main key using the new users RSA public key.
Is this strategy ok?
My main concern is the keys.json file containing ALL of the data keys for ALL of the files on the storage location.
Related
I've been doing some searching and still do not know if this is possible. What I want is for a message to by encrypted by our system and decrypted by a "master key" and also a 3rd party.
This encrypted message needs to be decrypted by 2 entities
-A 3rd party (which we want the control to shut off their ability to decrypt)
-Our system (which we want to always be able to decrypt no matter what, master key?)
From some research I was doing there is a concept of master key and derived keys
Does this following system exist?:
Master Key - can decrypt anything encrypted by derived keys
DerivedKey1 -> Encrypt data with this key and be able to decrypt with Master Key OR DerivedKey1
DerivedKey2 -> Encrypt data with this key and be able to decrypt with Master Key OR DerivedKey2 but NOT derivedKey1
Any terminology I should be using to search for answers would be helpful, also any crypto systems that do this already would be great to know.
Yes, I mean deny any new messages sent from our system to be decrypted
You can encrypt the content with a random key (data key).
Then you can encrypt the data key for each intended recipient (master key and any 3rd party) using its shared or public key.
I have created the CSR for my Signing Certificate. During CSR creation, the CSR file saved on my system. But i couldn't find where is the Private key file. I am following the below URL instruction to create CSR file. Anyone help me with these how to check and find Private key file.
https://in.godaddy.com/help/windows-generate-csr-for-code-or-driver-signing-certificate-7282
Thanks for your help.
In Windows the private key is generated when you use the snap-in to generate the CSR. The private key is stored (encrypted) at:
%APPDATA%\Microsoft\Crypto\RSA\Your SID
or
%APPDATA%\Microsoft\Crypto\Keys
If there are multiple files in that folder, look for one with a date and time close to when you generated your CSR.
While using GPG for encryption is it safe to rename the file after it is encrypted or depending on the algorithm used for encryption the file uses the name also for verifying the contents.
You can rename the file without issues. The original filename is safely encrypted inside the file. The filename is never used for decryption in any way.
We were using the "RSA Protected Configuration provider" to encrypt sensitive information in our config files. More info about this on MSDN at - http://msdn.microsoft.com/en-us/library/ms998283.aspx.
In the generated config file there is a triple-DES encrypted key. So that means the config section is actually encrypted/decrypted using this symmetric key.
But this symmetric DES key is actually encrypted/decrypted using the RSA private/public key in the RSA key container. The question I have is whether the public/private RSA keys in the container are also encrypted? If yes, then where is the key for that stored?
If the keys in the container are not encrypted, then why do we need to export the keys to a XML file and them import them in another machine? Why not just copy-paste the RSA container key to all nodes in a web cluster/farm?
They are encrypted using DPAPI.
I am new to cryptography, hence I want to ask about my company's requirements.
We are using eToken with RSA support.
I have developed a code that encrypt file with public key and stored it in another file.
Now I want to pass the encrypted file to eToken, and here is my issue.
How can I access the eToken from a Java applet?
Is it right that I have to pass encrypted file to eToken and it will decrypt file for me?
How can I do this?