5

I'm creating a web service that stores a list of users with their public keys online, as well as encrypted messages. My end goal was end-to-end encryption.

I initially thought this would be pretty easy -- "Oh, OpenSSL and RSA private/public key asymmetric encryption is great." False. RSA will only encrypt a tiny bit of data, presumably to pass a regular, symmetric key back and forth.

Okay, so I tried to find solutions online. Most of them either ended without a functioning example or pointed at using the command line, all of which seemed excessive and incomplete.

Is there a way to use end-to-end encryption on data with asymmetric keys, or is it all a personal pipe dream? OpenSSL in PHP has a way to do this already, and it's kludgy but it works.

Is there some method I'm missing here?

Community
  • 1
  • 1
  • 2
    End-to-end encryption uses _symmetric_ encryption (3DES, for instance) for the actual data, using asymmetric encryption only for the session key. – Jim Garrison Aug 12 '14 at 22:56
  • 1
    Do you only need transport security? Or do you actually need to protect separate messages that pass through a server/proxy? In the former case you don't need anything other than TLS. Java has TLS with RSA authentication for sure. – Maarten Bodewes Aug 13 '14 at 07:24
  • I don't get your problem with RSA based hybrid encryption. Personally I prefer ECIES style encryption, but that's mainly a matter of taste. Apart from the dubious choice of padding, John Snow's answer to the question you linked is fine. – CodesInChaos Aug 13 '14 at 10:18
  • @CodesInChaos et al: I'm just kind of dense, and I was hoping to find any sort of example, working library, etc. I can nod my head to the idea but without any implementation example, I'm pretty lost. –  Aug 13 '14 at 19:40

3 Answers3

7

The common way to encrypt larger amount of data with a asymmetric keys (eg. RSA) is by use of hybrid encryption. In hybrid encryption you mix symmetric and asymmetric encryption. First you generated a random symmetric key, that is used to encrypt the data. Then you encrypt the symmetric key with the asymmetric key. The encrypted data + the encrypted random key are then put together and makes up the full encrypted data.

The openssl_seal() in PHP you refer to, uses hybrid encryption where the symmetric algorithm is RC4. How data is encoded and put together in the encrypted files have been defined by the openssl implementation, and might not necessarily be the way you would want to do it. PGP, as an other example of hybrid encryption, uses it's own way of packing the data.

In any case, hybrid encryption is not something you get out of the box in java, and you typically need to implement each of the encryption + packaging steps yourself, or use one of the libraries that implements there version of this. An example of doing it yourself is this Java code I found that can decrypt messages encrypted with the above mentioned openssl_seal().

An example of using a library for hybrid encryption, could be using the PGP support in Bouncy Castle.

Lonzak
  • 9,334
  • 5
  • 57
  • 88
Ebbe M. Pedersen
  • 7,250
  • 3
  • 27
  • 47
  • 2
    Unfortunately, `openssl_seal` has weaknesses: For one thing, the encrypted data isn't integrity protected, meaning that attackers could modify the cipher text. For another, RC4 is used, which is now considered a poor cipher. There are techniques such as AEAD which provide integrity protection along with encryption. – Peter O. Aug 13 '14 at 23:23
  • Thank you for the link; I'm checking into it now. I should have been more specific: while I _like_ how OpenSSL libraries work, I don't need to use them. So this example is perfect for half of my dilemma; it works just fine on the decrypting end. I'm going to have to dig a little more for encrypting, which should be easier now. –  Aug 14 '14 at 13:44
  • FYI, the link to example code using openssl_seal in Java is dead. Not terribly surprising given its age, but worth noting. – Digital Deception Apr 10 '17 at 05:20
1

Ebbe's answer is very good, however this question was highly ranked in Google in my attempt to try and find a decent hybrid encryption library (Bouncy Castle's documentation is non-existent and not straight-forward, and GnuPG for Java relies on the OS and is not fully tested). So I thought I'd add on to Ebbe's answer for the weary traveller.

If you can use them, JWTs (JavaScript Web Tokens) could be handy for this. It's also an IETF Standard. There are two different types:

Support for JWEs are unfortunately a bit poor at this point in time. However this should hopefully improve. At this point in time (2017-04-11), the only Java JWT library that supports JWEs is BitBucket's Jose4j.

Community
  • 1
  • 1
Digital Deception
  • 2,677
  • 2
  • 15
  • 24
0

I'm not really sure what you're trying to en- and decrypt, but GnuPG for Java might be a good choice.

It supports public and private keys and can en- and decrypt bigger files and data.

Benjamin Marwell
  • 1,173
  • 1
  • 13
  • 36
  • He doesn't need any third party libraries. He only needs to clarify his question. – user207421 Aug 13 '14 at 09:38
  • I couldn't comment. But his question was: "Is there a way to use end-to-end encryption on data with asymmetric keys". And I think my answer is appropriate to this question. – Benjamin Marwell Aug 13 '14 at 10:26