Reputation: 5664
Java Text Encryption for Multiple Unknown Recipients
I have an application working fine with shared public/secret private keys for encrypting arbitrary large text strings.
I am using BouncyCastle with
private static final String ALGORITHM = "RSA";
private static final String UTF_8 = "UTF-8";
private static final int KEY_SIZE = 2048;
So using Bob and Annie as example
Annie and Bob share each others public keys...
Annie can send Bob an encrypted message using Bobs public key to encrypt her message. With Bob happily decrypt ing using his private key.
Bob can reply with a message encrypted with Annies public key.
However, how does Annie send an encrypted message to an Unknown recipient?
How could Annie "publish" a message to a List of Unknown recipients?
Is this possible?
Upvotes: 2
Views: 447
Answers (2)
Reputation: 61892
You can't really sent anything to somebody without knowing at least one thing about them. That one thing doesn't have to be the public key. It can be something else.
RSA and EC-based counterparts are not the only player in the asymmetric encryption realm.
Identity-based Encryption (IBE) enables anyone to encrypt something for somebody knowing only their "identity" which is a simple string. For many people their identity is tightly coupled with their e-mail address, so you can use that. Of course, it doesn't have to be. It only needs to be a unique string.
A trusted third party would later check the identity of a client that applies for their private key and if the identity matches, it would generate the private key for decryption. I'm sure there are IBE implementation in Java around somewhere considering how long it is already around.
A problem with IBE is that you still might need to send many messages to each and every intended recipient.
Attribute-based Encryption (ABE) is better in that regard, because you can encrypt some plaintext with a policy (in the Attribute-based Access Control sense) and it can be only decrypted if the recipient holds the necessary attribute secret keys. This is called Ciphertext-policy ABE. Here is a little more detailed description.
You still need a trusted third party, but now you can easily encrypt for groups based on attributes. The private key generation can happen at a later time than the encryption. The JCPABE library is written in Java and works completely in Java. It is based on jPBC, but it can be sped up when additionally installing libpbc which is the original C-version.
Upvotes: 1
Reputation: 3151
By the principles of public-key cryptography, Annie is unable to publish an encrypted message to a set of technically unknown recipients. She must have their public key (certificate) available.
You or your application does not have to be responsible for key management, so long as trusted third party certificate authority and registration authorities can manage them. If that is feasible in your environment, you'd at most have to perform path validation on each public key certificate but not directly manage the material.
Upvotes: 1
Related Questions
- Email multiple recipients without revealing other recipients
- Security: Write javax.mail.Message to File with Encryption
- Best way to encrypt messages in Java where ciphertext is public
- How to encrypt text into plain text strings only
- encrypted chat java
- Message Decoding/Encrypting Program output JAVA
- How to encrypt one message for multiple recipients?
- Character for character encryption
- Encryption message in java
- Encrypt conversations