Search code examples
encryptionencodingpublic-key-encryptiondecodingencryption-asymmetric

Asymmetric encryption with multiple decryption results

Edit

I am trying to develop a password managing tool for companies. My idea is that the passwords in some kind of database are encrypted with a master password which only the admin has.

Per department in a company there should be an own password, which lets the users of that department only access their passwords.

Lets look at an example.

  • Department A
    • Billing system, Password: "Hello"
  • Department B
    • Mail, Password: "World"

The passwords are encrypted with the master password of the admin. Lets just assume it is 0000. So in the database there would be something like this

  • Department A
    • Billing system, Password: encrypt("Hello",0000,'A')
  • Department B
    • Mail, Password: encrypt("World",0000,'B')

Furthermore, the password of department A would be 9999 and of department B 7777. Now I am searching for a possibility to decrypt the password of the billing system with the password 9999 and decrypt the mail password with 7777. But it should not be possible to decrypt the mail password with 9999 and vice versa.

  • Billing system: decrypt(encrypt("Hello",0000,'A'), 9999) = "Hello"
  • Billing system: decrypt(encrypt("Hello",0000,'A'), 7777) != "Hello"
  • Mail: decrypt(encrypt("World",0000,'B'), 9999) != "World"
  • Mail: decrypt(encrypt("World",0000,'B'), 7777) = "World"

Not that this it hard enough, the admin user must have the possibility to decrypt any password with his master password 0000

  • Billing system: decrypt(encrypt("Hello",0000,'A'), 0000) = "Hello"
  • Mail: decrypt(encrypt("World",0000,'B'), 0000) = "World"

I hope that my ideas are getting clearer now...

Solution

  • Preface: you cannot design a cryptographic system without knowing its full intent and purpose, so me giving any snippet of advice may be wholly unsuitable for your eventual end goal. Also, you may rather want to ask the experts at http://security.stackexchange.com or http://crypto.stackexchange.com. Also, I have more of a general knowledge of cryptography and this is a general programming forum, so take the below with a grain of salt.

    Having said that, the usual way to store one piece of information in an encrypted form but make it accessible to multiple parties using different passwords is to use intermediate encryption keys. You have your plaintext. You generate a random key and use that to encrypt the plaintext. You now encrypt the randomly generated key with the user's personal password and store the result.

    plaintext  = 'Hello World'
key        = make_random_string(128)
ciphertext = encrypt(plaintext, key)
keys = {
    user1: encrypt(key, user1password),
    user2: encrypt(key, user2password),
    ...
}

    To decrypt, you use the user's password to decrypt the key to then decrypt the actual information.

    key       = decrypt(keys.user1, user1password)
plaintext = decrypt(ciphertext, key)

print plaintext

    This indirection allows you to share the same piece of information among several users. In practice you'd probably use symmetric encryption to encrypt the plaintext with the random key, and asymmetric encryption to encrypt the random key with each user's public key. That means in practice, every time you generate a new random symmetric encryption key, the system needs to create a copy of it individually encrypted with each user's public key that should have access to it.

    This also allows you to irretrievably revoke an individual user's access to a specific piece of information, simply by nuking that users version of the random encryption key.