B Brigade asked:
How can I integrate end-to-end encryption (without a third-party integration such as Virgil) in a Node and MySQL environment?

The app uses REST, sockets and all users have already been authenticated.

The goal is to allow users to post information into the app, and the database will save it encrypted. An admin would not be able to decrypt it and see the information. A user or users (e.g. a chat group), if the system determines that the user's request is permissible, would be given the encrypted information.

Unfortunately, my understanding of encryption is lacking, so I will have some oversights in my question. I apologize in advance.


**Ideas**
My thoughts are to use crypto to create the private and public keys and store them in the database for use later. But if I store them in a database and know the mechanism by which the keys were generated, wouldn't I be able to decrypt it? Therefore, the database entries would look encrypted, but in reality I could decrypt them because I know how they are created and the information/keys used to decrypt the info?

My thoughts on how the public keys would be generated are as follows:

1) Create a new chat
   - Simultaneously create the keys for the chatroom using Diffie-Hellman (I'm not 100% certain this is the best method, but from my reading this seems to be best practice)
2) Add individuals to the chat (can be done at step 1 too)
3) Save the private and public keys for the chat into the DB
4) Give each member the public key

My second thought was to create a new database and keep it on a different server, but if I control the server then the problem still persists. At least you could reduce the potential of exposing everything, because you would need to compromise both.

My third thought was to use MySQL en/decrypt functions and use a unique salt. However, if the information is shared, I would need to save the salt separately to decrypt the information for multiple users. Again, I'm in the same boat where I can decrypt the information using the information stored in the DB.

My fourth thought is that it isn't possible in a REST environment without a third-party integration.

Any advice is greatly appreciated!
noci:

So that is almost the description of Signal.
Except for the central storage of private keys. Those should not be gathered in a central place.

MySQL encryption/decryption still means there is an UNENCRYPTED message on the wire.
Even HTTPS provides better security if it is used end-to-end.
In your system there is NO encryption while the data travels from the HTTP(S) socket to the database.

End-to-end encryption means the FIRST act after entering the message on Alice's system is to encrypt it with Alice's private key and Bob's public key.
After this you can send the message. When Bob receives the message, he can use his own private key and Alice's public key to decode it.
That is the fundamental start of end-to-end encryption. That leaves the non-trivial task of key management and distribution of public keys.

PGP is another such tool. Look at the PGP infrastructure (key servers, etc.); if you replace e-mail with (e)jabber you get very close to Signal/WhatsApp.
The problem with the latter two is the sending of group messages, which does mean some shared key exists, and using that key any member of the group can decode messages,
including members not shown in the member list. So eavesdropping in those IS possible. With Signal there is an open-source reference implementation you can use for yourself.
With WhatsApp, Facebook is definitely capable of inserting ghost group members that will never show up in the member list on phones.

If you claim to have NO/insufficient knowledge of encryption, then learn to master that first.

Would I use a system like you describe? My main question would be: how can I trust it?
B Brigade (asker):

I guess I know enough about encryption; I'm just not an expert.

The simplified model of the encryption was interpreted from WhatsApp. However, the difference which I think is important is that both Signal and WhatsApp have access to the user's phone and presumably store the public key permanently (assuming the apps are kept indefinitely). Therefore, the apps can freely exchange the public keys.

Cookies or local storage could operate the same way as the device; however, this would present an undesirable situation in a REST environment where the browser is your main access point (apologies for not disclosing; it is hard to include every relevant detail without writing a novel), as your keys would be locally stored on web, phone, etc. Therefore, I need a centralized place to store the information, or to generate them on each authentication (website: each time there is a successful login). If I store them, then I do not see the point in the performance decrease due to en/decryption; the admin could just encrypt it.

I understand that more individuals means more sharing of keys.


"Would I use a system like you describe? My main question would be: how can I trust it?"

  1. How can you trust anything?
  2. I would follow industry best practices, which is kind of why I am asking the question. I can implement whatever I choose, but it's better to...
  3. Use OWASP as a reference.
  4. I want the user to feel safe; there is considerable value, so our goals align.
  5. I do not want to roll my own module but instead rely on something (if needed) like Virgil. I just prefer to limit the exposure.

@1: That is unanswerable. The start is to at least know where something comes from.

@2: Industry best practice is to NEVER relinquish a private key. The private key should stay in the SOLE control of the person/system that uses it.
If there is a possibility that anything else CAN (not necessarily DOES) access this key, it should be considered compromised (at least it no longer guarantees that the encryption of the message has been done exclusively by the sending person/system/...).
(For example, this is why SSH insists on this key being readable by the user only, and refuses to use it otherwise.)

@3: No comment there.

@4: See @1 and @2.

@5: Using third-party products does require auditing them (or passing unreadable blobs through them).
You might not want to get involved in these kinds of headlines: https://www.theguardian.com/us-news/2020/feb/11/crypto-ag-cia-bnd-germany-intelligence-report
If it is dealing with cryptography, one thing to consider for building assurance is FIPS or EAL validation, which is nontrivial and is performed by independent accredited laboratories.

The Federal Information Processing Standard 140-2 (FIPS 140-2) is a U.S. and Canadian co-sponsored security standard for hardware, software, and firmware solutions. In U.S. government procurement, all solutions that use cryptography must complete FIPS 140-2 validation to ensure end users receive a high degree of security, assurance, and dependability.

Conformity assessment of products performing cryptographic operations has been foreseen by European legislation to be assessed within the Common Criteria framework for information technology security evaluation. The Common Criteria is a multilateral agreement for mutual recognition of ICT security product certifications, and has been adopted as an international standard by the ISO/IEC 15408 series: Information technology, Security techniques, Evaluation criteria for IT security.
All answers here are condescending and off point.

Answer the question in context. Obviously, if I'm going to follow best practices, I cannot do things that are contrary to them. THIS IS ONE OF THE REASONS WHY I WROTE THE QUESTION.

1) I DO NOT HAVE ACCESS TO THE USER'S DEVICE, THEREFORE I CANNOT STORE A PRIVATE KEY.

JUST SHIT ANSWERS HERE

WASTE OF TIME
All answers are not meant to be condescending!
If answers are stating the obvious... The next quote doesn't help on that either.

"Unfortunately, my understanding of encryption is lacking, so I will have some oversights in my question. I apologize in advance."

You ask for best practice, then again dismiss it because there is no access to the user device... so don't follow the best practice, and invent your own wheel. Feeling safe and being safe are regrettably not the same.

The question is as clear as fog on what the issue is. And with cryptography there are a few ways (<10) to do it right and a million+ ways to get it wrong.
Feel free to ask to have the question deleted. I will not respond to this impossible request, and have stopped monitoring the question.
If you are looking at crypto, and especially end-to-end, then an example will help. It takes a while to get to the crux of the issue, but obviously you see otherwise despite our feedback.

https://github.com/zoom/zoom-e2e-whitepaper/blob/master/archive/zoom_e2e_v2_3.pdf