I'm working with the enccc example, I'm able to encrypt and decrypt with a shared key, so the same key is used for both encryption and decryption. I need to use different keys, one to encrypt (like a public key) and another to decrypt (like a private key). Could someone guide me or tell me where I could read about it? Thanks and regards!
You can use the crypto/rsa package for encrypting using RSA.
Related
i know that the default is that you have a public key to encrypt messages and a private key to decrypt the encrypted messages.
I need this turned around so that the public key can read the message and the private key can encrypt it.
My Goal is to generate a License Key for my software(NodeJS) which is given in with an ENV and i want to read than the License Key in Nodejs with the built in public Key to verify that the key got created by me.
Maybe there is a better solution for this?
Searched for basicly a switched Asymmetric Encryption variant.
I was wondering in which use case i should use these methods when encrypting and decrypting files in my node.js application.
The Problem
I want to encrypt some files in my server, after asking other people, i realized that the most recommended method is encrypt those files (larges) using a private key.
Now, i was looking for the docs and saw these methods
crypto.publicEncrypt(pubKey, buffer)
crypto.publicDecrypt(pubKey, buffer)
crypto.privateEncrypt(privKey, buffer)
crypo.privateDecrypt(privKey, buffer)
this is very confusing because i don't know what of them i must to use now, ahm... i don't know what is the most appropriate way to do this securely.
tl;dr encrypt with the public key. Keep your private key safe.
Unfortunately, these methods are poorly named. privateEncrypt should be called something like sign and publicDecrypt should be called something like verify.
When using public-key encryption (also known as asymmetric encryption), one key can be used to write a cipher and the other key can undo that operation. Your public key is potentially known to everyone, and your private key is secret.
If you want to keep something secret, except from the owner of a certain key, you want to encrypt a message with their public key. So if Alice wants to receive encrypted messages, she'll share her public key A_pub and her secret key A_priv, she'll keep to herself.. You'll encrypt your message crypto.publicEncrypt(A_pub, buffer). She'll then decrypt that message with crypto.privateDecrypt(A_priv, buffer).
Doing it the other way is known as a digitial signature.
I'm using ursa (nodejs module) to do the following:
Use a private key and someone else's public key to generate a symmetric key
Encrypt some data with the symmetric key
Encrypt the symmetric key with the user's public key
However, I can't seem to find any methods that allow me to create a symmetric key. My understanding is that simply generating a pseudo-random byte string should be good enough for the key, but then I can't use the rest of the method in ursa to actually encrypt anything because it's a random string and not a key/cert.
Am I missing anything?
URSA as the name suggests is an RSA implementation and as such doesn't not handle symmetric encryption. If you want those, then you can use node.js' native crypto module which provides everything you need in this regard.
Encrypt the symmetric key with the user's public key
This means that the symmetric key is simply data. URSA doesn't have to know what this is.
I'm wondering if it's possible to encrypt text client side.
The situation is that I have a block of text I want to encrypt, and then save the encrypted text to a file. Only after a certain amount of time has passed will my program decrypt it. Another requirement I have is to be able to transfer the file with the encrypted text and be able to decrypt it with other copies of my program on various machines.
The problem is where to store the key. The only implementation I can think of that would work is if I store the key server side, and have it return the key after a certain time has passed.
Is there a way to do this client side (i.e. without any internet access)?
You can surely encrypt text on the client side, but the real problem is key management.
If the assumption is no Internet access, then you're going to have to package a certificate in the client that contains both keys, private to encrypt, public to decrypt, unless you use a symmetric key. Was going to suggest just generating a local, temporary symmetric key, but you state you must be able to decrypt the text on other machines that won't have it, so that won't work. At first blush, and maybe I'm overlooking something obvious, is packaging a cert on the client with public and private keys, and that introduces its own set of problems, eg protecting the cert with the private key.
I know how asymmetric cryptography works. I know there are two keys (one private and one public).
When someone wants to communicate they exchange their public keys encrypt messages with those public keys AND then the respective message could be decrypted ONLY by the user that has the private key.
Now, I'm using Node.js and I need to do something like this...
I need an application that EACH hour reads a database, extracts data and saves it to a file that I need to send to another server.
My problem is that I DON'T WANT that file will be visible to other, I do the transfer using SSH so there is no problem BUT
I must encrypt that file because I'm not the admin of that server SO maybe someone could read it. Unfortunately the admin is the same for both servers.
So my idea is to encrypt the file with a public key, and then only he who has the private key(me) could decrypt it.
I think it is pointless using something like:
var key = 'blablabla'
If I use a public key, there is no problem, all can read it..... it is public indeed. But with this public key, nobody can decrypt the message, so it is
something like one-way encryption.
Now, could someone tell me if I need a signer/verifier to do this job, OR maybe I have to generate two keys (public/private) with openssl and pass those keys to a cipher/dechiper?
I'm looking at crypto modules, but there are no examples....
In general, your idea is right - you encrypt using public key and decrypt using private key of yours. However, practically the procedure is more complex. Random symmetric key is generated and the data is encrypted using that key. Then the public key is used to encrypt the random key. Encrypted key is sent to recipient together with encrypted data. On the other side encrypted key is decrypted using a private key, then the data is decrypted.
You can use OpenPGP keys or X.509 certificates to do the job.
In case of OpenPGP the standard offers encryption and decryption as atomic procedures (on the user level). In case of X.509 certificates you need to use PKCS#7 / CMS.
OpenSSL library offers operations with PKCS#7 / CMS, however when I look at nodeJS API for OpenSSL, that API is very limited and doesn't expose those functions. Maybe you can write your own nodeJS module which will interface with OpenSSL and provide missing functions.
Another alternative is to use OpenPGP keys and node-gpg module. That module uses gnupg to do the actual job, so gnupg must be installed.
Unfortunately I don't see any other suitable libraries in the 3rd-party module list provided in nodeJS wiki.