I am trying to find an algorithm that will help encrypt data using the public key and decrypt using the private key in the smart contract. Cryptosuite is supposed to help achieve that but I can't find even one code example. Can you please explain what the 'opts' parameter in this method is supposed to be and how its supposed to be used:
encrypt(key, plainText, opts)
Or if you know a better API or algorithm to do asymmetric encryption in hyperledger fabric.
Related
I am developing a document sharing application that allows users to send files securely. Currently, I encrypt documents on the server side using encryption (key, IV), then encrypt the key and IV with the recipient's public key. However, I want the encryption to be client-side to avoid man-in-the-middle attacks.
I am aware that storing all the information (public key, private key, IV, etc.) on the server side can make my application vulnerable to a data breach, so I am looking for an end-to-end encryption solution.
I am new to this and was wondering if there are any libraries or security protocols I could use to implement this end-to-end encryption method.
What would be the best approaches to implement end-to-end encryption for my application? Are there any specific libraries or security protocols that I could use to enhance the security of my application?
Thank you in advance for your help and advice.
I recently started learning hyperledger fabric, I'm working on a simple private blockchain for managing digital data, this data would be encrypted with user public key and can only be decrypted with the user private key, so my question is, is there a way to get user private and public key in hyperledger fabric for data encryption purposes
Although MSP ECDSA keys are used to sign, you can use them to encrypt via ECDH. Basically you can derive the same shared secret from public key A and private key B as from public key B and private key A, so that you use that shared secret as a symmetric AES key to encrypt.
An example with openssl: https://jameshfisher.com/2017/04/14/openssl-ecc/. You don't need to create the key pairs as you already have them. You can implement it in javascript with elliptic and crypto libraries.
You manage your own private and public keys (in your client's wallet after enrolling), but you have to arrange your reliable way to distribute the other's public key. You can easily verify that public key if it is embedded in a valid certificate, but the way to distribute it is in your hand.
yes, fabric uses public-key infrastructure. Every transaction in the fabric is signed by the user's private key. And at chaincode level, you can get the public key of the user from its E-certs.
More about Identity from fabric docs
https://hyperledger-fabric.readthedocs.io/en/release-2.0/identity/identity.html
CID golang package to get E-cert at chaincode level https://github.com/hyperledger/fabric-chaincode-go/tree/master/pkg/cid
I am trying to implement JWE for my Rest API. I came across following NODE library that implements JWE. However the library lack the documentation around how JSON Web Key(JWK) should be used(JSON object) that help in Key Management Mode. The JWE documentation reads as follows:
A method of determining the Content Encryption Key value to use.
Each algorithm used for determining the CEK value uses a specific
Key Management Mode. Key Management Modes employed by this
specification are Key Encryption, Key Wrapping, Direct Key
Agreement, Key Agreement with Key Wrapping, and Direct Encryption.
So I want to know how I should feed the JWK to this library inorder to implement JWE ? I want to know how my JSON format will dictate the Key Managemnet Mode ?
Can any one provide mi such JSON format for JWK and tell how that provide the Key Management Mode ?
Node-jose
I wrote a documentation for my PHP framework where you will find a table about the relationship between the encryption algorithm and the key management mode.
I would appreciate clarification and advice on the following:
My project requires me to use symmetric data encryption (using AES), in a Nodejs environment, to secure data on a database (mongodb). Ideally, I would like to do this as follows:
Store the symmetric key in Azure Key Vault as a Key, then make 'encrypt' calls to the vault to perform AES encryption on the data with the Key. The encrypted data is sent in the response to my app and then stored in the database in its encrypted form.
I am confused after reading MS Azure's documentation and related blog posts, where some sources claim symmetric key encryption is supported, but there is no official documentation on this.
Can anyone advise whether this an exhaustive list of all key types and algorithms supported for Azure's Key Vault?
https://msdn.microsoft.com/en-us/library/azure/dn903623.aspx#BKMK_KeyTypes
It also seems this may be an option (http://www.nuget.org/packages/Microsoft.Azure.KeyVault.extensions) but only for environments on .NET. Any love for Nodejs?
If indeed symmetric keys/encryption are not currently supported, can anyone offer an alternative means to my approach described above?
Thanks and much appreciated.
I agree the documentation/blogs do seem a little confusing on this topic. From my understanding the key vault does not yet currently support symmetric encryption. I believe the closest you can get is storing symmetric keys as secrets and using them outside of the vault.
This article talks about doing such. See the section where the heading is Use Key Vault secrets
I understand your using node.js and that example is in powershell just trying to illustrate the example of symmetric encryption with a secret. Obviously the crypto operations happen outside the vault. So, at rest the keys are more secure but do get exposed in memory anytime an operation occurs.
Hope that helps.
Here is an example in PowerShell of creating a secret in Key Vault that can be used as a SymmetricKey.
SymmetricKey sec = (SymmetricKey) cloudResolver.ResolveKeyAsync(
"https://contosokeyvault.vault.azure.net/secrets/TestSecret2/",
CancellationToken.None).GetAwaiter().GetResult();
I'm a newbie to OAuth 2.0. Currently I am in the process of implementing OAuth 2.0 for the server to server application as mentioned in this link . As per the link, it says to generate a Public/Private key pair. After generating the pair, the message box says that
"The Private Key has been downloaded to your machine and serves as the
only copy of this key. You are responsible for storing it securely ".
Can anybody suggest me what are the different ways to store this private key securely and/or any reference materials to go through?
Please let me know if you need additional information.
Thanks in advance.
I did it by storing in the database. We have a production database in which we had introduced two more columns to store the Client_ID and Private Key. They will not be stored as is rather, we are encrypting them and then storing. It is the applications responsibility to decrypt and use it. Please let me know if any one has a better idea.