Re: Encrypted Private Key

On 2016-08-16 20:00, Charles Engelke wrote:
> This solution does not allow the actual unencrypted key to ever
> leave the end user's control unless the software cheats. And that's
> always a risk, not only with WebCrypto.

With WebCrypto we are presumably talking about software transiently
downloaded from a provider's site for running in a browser.

Ordinary users have no insight into such software and it hasn't been
vouched for by a third party either.

This is not a specific WebCrypto problem, it is rather a generic
Web issue, i.e. the lack of a "trusted code" concept.

Anders


> Only the user has the passphrase needed to access the key.
>
> Charlie
>
> On Tue, Aug 16, 2016 at 1:56 PM, Anders Rundgren <anders.rundgren.net@gmail.com> wrote:
>
>     On 2016-08-16 19:23, Charles Engelke wrote:
>
>         We're doing the same thing. It's not a standard encrypted key format,
>         but it is a standard encrypted data format and standard key derivation method.
>
>     This obviously works but does it address the trust issue which I thought was the origin for Peter's question?
>     IMO, it does not since a malicious provider can do whatever it wants including recording the decrypted private key.
>
>     Anders
>
>
>
>         Charlie
>
>         On Tue, Aug 16, 2016 at 12:54 PM, Jason Proctor <jason@mono.hm> wrote:
>
>             hi Peter,
>
>             our product implements end to end encryption and protects its private keys in a way which might work for you. i use a crypto concept called "passphrase based encryption", which isn't implemented directly by WebCrypto -- but this is forgivable, IMHO, as there isn't really a proper standard for its details. i couldn't get it to work interoperably, so i rolled my own, and now i have 100% compatibility between WebCrypto, Bouncy Castle, and OpenSSL.
>
>             essentially the private key is protected by a passphrase which is only stored in the user's head. this passphrase is digested into a symmetric key which is then used to encrypt the serialised form of the private key. the encrypted form is then persisted with reasonable safety. on the way back out, the user is asked for the passphrase, it's used to decrypt the key back into its serialised form, which can then be imported into WebCrypto or other crypto packages.
>
>             does this make sense? let me know if i can help any further.
>
>             regards
>             Jason
>
>
>
>
>
>             On Tue, Aug 16, 2016 at 7:10 AM, Anders Rundgren <anders.rundgren.net@gmail.com> wrote:
>
>                 On 2016-08-16 14:09, Peter Bielak, Executive Manager wrote:
>
>                     Anders thank you for help.
>
>                     I need to generate private key on client side so that provider cannot see this key.
>
>
>                 Hi Peter,
>
>                 This is the core problem with this design: the code that generates the key, decrypts the key etc. is supplied by the provider.
>                 IMHO, you either trust a service provider or you do not; this is something in between.
>
>                 This issue is probably also a reason why WebCrypto maybe hasn't been the smash hit once anticipated.
>
>                 If you still consider this solution, I would recommend taking a peek at
>                 https://pkijs.org/
>                 and checking if they haven't already implemented something along the lines you request.
>
>                 Anders
>
>
>                     That is why I need WebCrypto, I know that I could generate keys on server using OpenSSL etc. and the key needs to be stored in database so the only thing user has to care about is his password, it also needs to be in PKCS#8 PEM format so this key can be used for encryption in Swift on iDevices and in browser.
>
>
>                     One person from StackOverflow figured it out, here's my question: http://stackoverflow.com/questions/38413391/generate-rsa-key-pair-using-webcrypto-api-and-protect-it-with-passphrase
>
>                     but when using forge JS library it somehow breaks the key and it cannot be imported as CryptoKey - DOMException error - nothing more
>                     I did this:
>                     my other question: http://stackoverflow.com/questions/38677742/cryptokey-arraybuffer-to-base64-and-back
>                     CryptoKey to base64 and back works but when encrypted using forge and imported back - DOMException
>
>                     Thanks again
>
>
>                     ---- On Tue, 16 Aug 2016 13:45:32 +0200 Anders Rundgren <anders.rundgren.net@gmail.com> wrote ----
>
>
>                         On Aug 16, 2016 12:50, "Peter Bielak, Executive Manager" <peter@safebash.com> wrote:
>                         >
>                         > I think the question should have been:
>                         > How do I generate passphrase protected encrypted private key - pkcs#8 using WebCrypto API?
>                         >
>
>
>                         It is surely doable but since protected keys are already a part of WebCrypto there is no direct support for your use-case.
>
>                         I have a feeling you are on the wrong track..
>
>                         anders
>

Received on Tuesday, 16 August 2016 18:21:14 UTC
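
The passphrase-based scheme described in the thread (passphrase digested into a symmetric key, which encrypts the serialised private key for storage), as an added example that is not code from any participant: it uses only WebCrypto, with PBKDF2-SHA-256, 600000 iterations, AES-256-GCM and the record layout all chosen here as assumptions. Like the approach Charles describes, the output is not a standard encrypted-key format, and it does not change the point Anders raises that the page running this code is supplied by the provider.

```javascript
// Added example: passphrase-protected PKCS#8 private key using only WebCrypto.
// Assumptions (not from the thread): PBKDF2-SHA-256, AES-256-GCM, record field names.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto; // global in browsers, Node 19+
const subtle = wc.subtle;
const enc = new TextEncoder();

async function deriveWrappingKey(passphrase, salt, iterations) {
  const base = await subtle.importKey("raw", enc.encode(passphrase), "PBKDF2", false, ["deriveKey"]);
  return subtle.deriveKey(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations },
    base, { name: "AES-GCM", length: 256 }, false, ["wrapKey", "unwrapKey"]);
}

// Returns a record that can be persisted: it holds no passphrase and no plaintext key.
async function protectPrivateKey(privateKey, passphrase, iterations = 600000) {
  const salt = wc.getRandomValues(new Uint8Array(16)); // fresh per key
  const iv = wc.getRandomValues(new Uint8Array(12));   // never reused with the same key
  const kek = await deriveWrappingKey(passphrase, salt, iterations);
  const wrapped = await subtle.wrapKey("pkcs8", privateKey, kek, { name: "AES-GCM", iv });
  return { salt, iv, iterations, wrapped: new Uint8Array(wrapped) };
}

async function recoverPrivateKey(record, passphrase) {
  const kek = await deriveWrappingKey(passphrase, record.salt, record.iterations);
  // A wrong passphrase fails the GCM tag check, so the promise rejects.
  return subtle.unwrapKey("pkcs8", record.wrapped, kek, { name: "AES-GCM", iv: record.iv },
    { name: "RSA-OAEP", hash: "SHA-256" }, false, ["decrypt"]);
}

// Round trip with a constructed passphrase and message.
async function demo() {
  const pair = await subtle.generateKey(
    { name: "RSA-OAEP", modulusLength: 2048, publicExponent: new Uint8Array([1, 0, 1]), hash: "SHA-256" },
    true, ["encrypt", "decrypt"]); // extractable so wrapKey can serialise it
  const record = await protectPrivateKey(pair.privateKey, "constructed sample passphrase");
  const priv = await recoverPrivateKey(record, "constructed sample passphrase");
  const ct = await subtle.encrypt({ name: "RSA-OAEP" }, pair.publicKey, enc.encode("hello"));
  const pt = new TextDecoder().decode(await subtle.decrypt({ name: "RSA-OAEP" }, priv, ct));
  let wrongRejected = false;
  try { await recoverPrivateKey(record, "wrong passphrase"); } catch { wrongRejected = true; }
  return { pt, wrongRejected, extractable: priv.extractable };
}
```
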