
Web Application with Charm Crypto


I am supposed to make a web application where users can log in to the platform with a username and password (I want to make a MySQL database to store the usernames and passwords).

After the user is logged in, he selects a file from his computer and sends this file to the server.

I want to encrypt this file for a group of users (I want to use HybridABE cryptography with Charm Crypto).

Now I have these architectural/programming questions.

Suppose that we have this program:

from charm.toolbox.pairinggroup import PairingGroup,GT
from charm.adapters.abenc_adapt_hybrid import HybridABEnc as HybridABEnc
from charm.schemes.abenc.abenc_waters09 import CPabe09

group = PairingGroup('SS512')
cpabe = CPabe09(group)

hyb_abe = HybridABEnc(cpabe, group)

policy = '((ONE or THREE) and (TWO or FOUR))'

msg = "hello world this is an important message."

(master_secret_key, master_public_key) = hyb_abe.setup()

attr_list = ['THREE', 'ONE', 'TWO']

secret_key = hyb_abe.keygen(master_public_key, master_secret_key, attr_list)

cipher_text = hyb_abe.encrypt(master_public_key, msg, policy)

decrypted_msg = hyb_abe.decrypt(master_public_key, secret_key, cipher_text)

Where can I save the Master Private Key and the Master Public Key? In a directory on the server, as a file? In a database?

Where can I save the user's secret key?


Solution

  • An Attribute-based Encryption system is usually created once and has only one master secret key and public key pair.

    • The master secret key is stored on the server that generates the user secret keys. Since there is usually only one master secret key, you can even generate it and put it into the source code of your server code. Of course, you can include it in the server database.
    • User secret keys have to be given to users. Remember to give your users some kind of (public) identifier along with the user secret key so that you can manage the list of attributes that a certain user has at the server-side. Otherwise, you will have a headache when you try to update attributes, because you will need to contact users with their new user secret key.
    • The master public key (usually called "public parameters" or simply "public key") is public. It's a good idea to include it in the package that you give to your users. You can also create an API endpoint so that interested "users" can ask your server for the public key.
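
The server-side bookkeeping described in the answer, as an added example that is not part of the original answer or of Charm: the user table holds only a public identifier, the attribute list and a key version, so keys can be reissued when attributes change. `KeyAuthority`, the file paths and the `keygen(msk_bytes, attrs)` wrapper are hypothetical names, and keeping the master secret key in an owner-only file is a choice made for this example.

```python
import json, os, sqlite3, stat

class KeyAuthority:
    """Server-side key bookkeeping for one ABE system (hypothetical helper)."""

    def __init__(self, db_path, msk_path, keygen):
        # Assumption: keygen(msk_bytes, attrs) -> bytes wraps the scheme's keygen
        # plus serialization (with Charm, e.g. objectToBytes/bytesToObject).
        self.msk_path, self.keygen = msk_path, keygen
        self.db = sqlite3.connect(db_path)
        self.db.execute("CREATE TABLE IF NOT EXISTS users ("
                        "user_id TEXT PRIMARY KEY, attrs TEXT NOT NULL, "
                        "key_version INTEGER NOT NULL)")

    def store_master_secret(self, msk_bytes):
        # O_EXCL refuses to overwrite an existing master key; 0600 = owner only.
        fd = os.open(self.msk_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "wb") as f:
            f.write(msk_bytes)

    def _load_master_secret(self):
        # Fail closed if the key file has become readable by group or others.
        if stat.S_IMODE(os.stat(self.msk_path).st_mode) & 0o077:
            raise PermissionError("master secret key file is group/world accessible")
        with open(self.msk_path, "rb") as f:
            return f.read()

    def issue_key(self, user_id, attrs):
        """Record the user's attributes, return (key_version, user secret key)."""
        msk = self._load_master_secret()   # check the key before touching the DB
        attrs = sorted(set(attrs))
        with self.db:                      # one transaction per issuance
            row = self.db.execute("SELECT key_version FROM users WHERE user_id=?",
                                  (user_id,)).fetchone()
            version = row[0] + 1 if row else 1
            self.db.execute("INSERT OR REPLACE INTO users VALUES (?,?,?)",
                            (user_id, json.dumps(attrs), version))
        # The user secret key is handed to the user, never written to the DB.
        return version, self.keygen(msk, attrs)

    def attributes_of(self, user_id):
        row = self.db.execute("SELECT attrs FROM users WHERE user_id=?",
                              (user_id,)).fetchone()
        return json.loads(row[0]) if row else None
```

Calling `issue_key` again for the same identifier with a changed attribute list bumps `key_version`, which tells the server which users still hold a key for an older attribute set.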