Encryption based on user entered key

Context: Multi-User Application

Function: Confidential Data Encryption

History: As a tenant administrator, I want to encrypt sensitive data with my own password or phrase so that I and only I have full control over the key used.

Eligibility Criteria:

  • The administrator of each tenant must be able to determine the password or passphrase to use for encryption.
  • Only the tenant administrator who provided the original password or passphrase should know the key.
  • After the tenant administrator has provided a password or passphrase, it must be securely stored.

My questions

  • So far, we have used symmetric key encryption with an application-wide key, hard-coded in the application. This will no longer work if each tenant wants to use their own key. How can we allow each user to define their own key?
  • How and where to store the key?
  • Does the password / passphrase store a valid parameter in the certificate? If so, how to protect the keystore?
+3
2 answers

/ . PBE (PBKDF2). , .

+3

, , (PBE) , :

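import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;

PBEKeySpec pbeKeySpec;
PBEParameterSpec pbeParamSpec;
SecretKeyFactory keyFac;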

// Salt
byte[] salt = {
    (byte)0xc7, (byte)0x73, (byte)0x21, (byte)0x8c,
    (byte)0x7e, (byte)0xc8, (byte)0xee, (byte)0x99
};

// Iteration count
int count = 20;

// Create PBE parameter set
pbeParamSpec = new PBEParameterSpec(salt, count);

// Prompt user for encryption password.
// Collect user password as char array (using the
// "readPasswd" helper, which is not shown on this page),
// and convert it into a SecretKey object, using a PBE key
// factory.
System.out.print("Enter encryption password:  ");
System.out.flush();
pbeKeySpec = new PBEKeySpec(readPasswd(System.in));
keyFac = SecretKeyFactory.getInstance("PBEWithMD5AndDES");
SecretKey pbeKey = keyFac.generateSecret(pbeKeySpec);

// Create PBE Cipher
Cipher pbeCipher = Cipher.getInstance("PBEWithMD5AndDES");

// Initialize PBE Cipher with key and parameters
pbeCipher.init(Cipher.ENCRYPT_MODE, pbeKey, pbeParamSpec);

// Our cleartext
byte[] cleartext = "This is another example".getBytes();

// Encrypt the cleartext
byte[] ciphertext = pbeCipher.doFinal(cleartext);
+2
