I'm using ursa (nodejs module) to do the following:
Use a private key and someone else's public key to generate a symmetric key
Encrypt some data with the symmetric key
Encrypt the symmetric key with the user's public key
However, I can't seem to find any methods that allow me to create a symmetric key. My understanding is that simply generating a pseudo-random byte string should be good enough for the key, but then I can't use the rest of the method in ursa to actually encrypt anything because it's a random string and not a key/cert.
Am I missing anything?
URSA as the name suggests is an RSA implementation and as such doesn't not handle symmetric encryption. If you want those, then you can use node.js' native crypto module which provides everything you need in this regard.
Encrypt the symmetric key with the user's public key
This means that the symmetric key is simply data. URSA doesn't have to know what this is.
Related
i know that the default is that you have a public key to encrypt messages and a private key to decrypt the encrypted messages.
I need this turned around so that the public key can read the message and the private key can encrypt it.
My Goal is to generate a License Key for my software(NodeJS) which is given in with an ENV and i want to read than the License Key in Nodejs with the built in public Key to verify that the key got created by me.
Maybe there is a better solution for this?
Searched for basicly a switched Asymmetric Encryption variant.
I was wondering in which use case i should use these methods when encrypting and decrypting files in my node.js application.
The Problem
I want to encrypt some files in my server, after asking other people, i realized that the most recommended method is encrypt those files (larges) using a private key.
Now, i was looking for the docs and saw these methods
crypto.publicEncrypt(pubKey, buffer)
crypto.publicDecrypt(pubKey, buffer)
crypto.privateEncrypt(privKey, buffer)
crypo.privateDecrypt(privKey, buffer)
this is very confusing because i don't know what of them i must to use now, ahm... i don't know what is the most appropriate way to do this securely.
tl;dr encrypt with the public key. Keep your private key safe.
Unfortunately, these methods are poorly named. privateEncrypt should be called something like sign and publicDecrypt should be called something like verify.
When using public-key encryption (also known as asymmetric encryption), one key can be used to write a cipher and the other key can undo that operation. Your public key is potentially known to everyone, and your private key is secret.
If you want to keep something secret, except from the owner of a certain key, you want to encrypt a message with their public key. So if Alice wants to receive encrypted messages, she'll share her public key A_pub and her secret key A_priv, she'll keep to herself.. You'll encrypt your message crypto.publicEncrypt(A_pub, buffer). She'll then decrypt that message with crypto.privateDecrypt(A_priv, buffer).
Doing it the other way is known as a digitial signature.
I'm working with the enccc example, I'm able to encrypt and decrypt with a shared key, so the same key is used for both encryption and decryption. I need to use different keys, one to encrypt (like a public key) and another to decrypt (like a private key). Could someone guide me or tell me where I could read about it? Thanks and regards!
You can use the crypto/rsa package for encrypting using RSA.
I am looking for a strong encryption algorithm (already having generated a public key and private key).
I am using OpenSSL to generate RSA with 2048 bit key-length using an implementation in PHP. I just wanted to know how I can securely use the key for transmitting data.
What version should I use for RSA? How can I determine the version of RSA for the key generated by OpenSSL?
RSA encryption can be implemented using different padding mechanisms. To be precise RSAES-OAEP and RSAES-PKCS1-v1_5. These have been initially defined in different versions of PKCS#1, v1.5 and v2.0. I presume you mean this as "RSA version". There is also RSA KEM, which is probably the best mode to use for encryption, but it isn't used that much.
Both padding mechanisms however use the same keys. The only difference in keys is normally a key with or without CRT parameters. CRT parameters are used to speedup RSA private key operations 4-fold, they are generally included. The keys themselves do not specify for which padding mechanism they can be used.
It is however possible that the public key is embedded into a certificate that does specify different key usages. Even those however do not specify the padding mechanism itself.
So basically there is no such thing as an "RSA version" for keys.
If you can choose a padding algorithm, go for OAEP. Note that you should encrypt with the public key of the receiver, not a key from your own key pair. You should however use your private key to sign the encrypted data to make it unfeasible for an attacker to change the data in transit.
I know how asymmetric cryptography works. I know there are two keys (one private and one public).
When someone wants to communicate they exchange their public keys encrypt messages with those public keys AND then the respective message could be decrypted ONLY by the user that has the private key.
Now, I'm using Node.js and I need to do something like this...
I need an application that EACH hour reads a database, extracts data and saves it to a file that I need to send to another server.
My problem is that I DON'T WANT that file will be visible to other, I do the transfer using SSH so there is no problem BUT
I must encrypt that file because I'm not the admin of that server SO maybe someone could read it. Unfortunately the admin is the same for both servers.
So my idea is to encrypt the file with a public key, and then only he who has the private key(me) could decrypt it.
I think it is pointless using something like:
var key = 'blablabla'
If I use a public key, there is no problem, all can read it..... it is public indeed. But with this public key, nobody can decrypt the message, so it is
something like one-way encryption.
Now, could someone tell me if I need a signer/verifier to do this job, OR maybe I have to generate two keys (public/private) with openssl and pass those keys to a cipher/dechiper?
I'm looking at crypto modules, but there are no examples....
In general, your idea is right - you encrypt using public key and decrypt using private key of yours. However, practically the procedure is more complex. Random symmetric key is generated and the data is encrypted using that key. Then the public key is used to encrypt the random key. Encrypted key is sent to recipient together with encrypted data. On the other side encrypted key is decrypted using a private key, then the data is decrypted.
You can use OpenPGP keys or X.509 certificates to do the job.
In case of OpenPGP the standard offers encryption and decryption as atomic procedures (on the user level). In case of X.509 certificates you need to use PKCS#7 / CMS.
OpenSSL library offers operations with PKCS#7 / CMS, however when I look at nodeJS API for OpenSSL, that API is very limited and doesn't expose those functions. Maybe you can write your own nodeJS module which will interface with OpenSSL and provide missing functions.
Another alternative is to use OpenPGP keys and node-gpg module. That module uses gnupg to do the actual job, so gnupg must be installed.
Unfortunately I don't see any other suitable libraries in the 3rd-party module list provided in nodeJS wiki.