...

a shared secret (symmetric key) encryption will be sufficient.

Symmetric Encryption

...

Method

Use the AES cipher to encrypt and decrypt the file. It is secure enough and fast enough for your purposes. Furthermore, it is supported by OpenSSL and by the Java crypto implementations.

The following is an OpenSSL example:

Encrypt (bash):
[desktop@luxor RgiEnc]$ openssl rand -base64 128 > rgikey
[desktop@luxor RgiEnc]$ cat rgikey
optygS6e4C23kNgzpelDIG3pza8xAplkyEMXGXzZwIGV7oXyEMVS8ARyiRmJ+9Ea
OpSH3dQc1HnzCtXRvs2QaNqxZWWAAxz46MbtYlmFmKdNqad8OVn8GYYHA6h5GKYk
emMBxXuaPB3itVqEnIGS76M2sVf9qtZAA9H4VQ24TPE=
[desktop@luxor RgiEnc]$ openssl enc -aes-256-cbc -salt -iter 1000 -in FakeNames.txt -out FakeNames.enc -pass file:rgikey

...

Decrypt (bash):
[desktop@luxor RgiEnc]$ openssl enc -d -aes-256-cbc -salt -iter 1000 -in FakeNames.enc -out FakeNames.csv -pass file:rgikey
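
The script below is an added example, not part of the original page. It checks three properties of the Encrypt and Decrypt commands above that the receiving side has to match: the `Salted__` file header, the fact that `-pass file:` uses only the first line of the key file, and the need for an identical `-iter` value. The function names, working directory and CSV content are constructed for the demonstration, and OpenSSL 1.1.1 or later is assumed.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. Needs OpenSSL 1.1.1+ (for -iter).
# File names and the CSV content are constructed for the demonstration.
WORK=$(mktemp -d) && trap 'rm -rf "$WORK"' EXIT

# Same parameters as the page's Encrypt / Decrypt commands.
rgi_encrypt() {   # rgi_encrypt <keyfile> <in> <out>
    openssl enc -aes-256-cbc -salt -iter 1000 -in "$2" -out "$3" -pass "file:$1"
}
rgi_decrypt() {   # rgi_decrypt <keyfile> <in> <out> [iterations]
    openssl enc -d -aes-256-cbc -iter "${4:-1000}" -in "$2" -out "$3" \
        -pass "file:$1" 2>/dev/null
}

setup() {
    openssl rand -base64 128 > "$WORK/rgikey"            # three lines of base64
    head -n 1 "$WORK/rgikey" > "$WORK/rgikey.line1"      # first line only
    printf 'id,name\n1,Constructed Sample\n' > "$WORK/plain.csv"
    rgi_encrypt "$WORK/rgikey" "$WORK/plain.csv" "$WORK/plain.enc"
}

# The output begins with the 8-byte marker "Salted__", then the 8-byte salt.
has_salt_header() { [ "$(head -c 8 "$WORK/plain.enc")" = "Salted__" ]; }

# "-pass file:" reads only the first line of the key file, so a file holding
# just that line decrypts the data. The other two lines add no strength.
first_line_decrypts() {
    rgi_decrypt "$WORK/rgikey.line1" "$WORK/plain.enc" "$WORK/out1.csv" &&
        cmp -s "$WORK/plain.csv" "$WORK/out1.csv"
}

# Cipher, digest and iteration count are not stored in the file; a receiver
# using a different -iter value does not recover the plaintext.
iter_mismatch_fails() {
    rgi_decrypt "$WORK/rgikey" "$WORK/plain.enc" "$WORK/out2.csv" 2000
    ! cmp -s "$WORK/plain.csv" "$WORK/out2.csv"
}

setup
has_salt_header     && echo "header: Salted__ + salt"
first_line_decrypts && echo "first line of rgikey is the whole passphrase"
iter_mismatch_fails && echo "iter mismatch: plaintext not recovered"
```

A non-OpenSSL decryptor therefore has to take the first line of the key file as the passphrase, read the salt from bytes 9 to 16 of the file, and be configured with the same cipher and iteration count out of band.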

Key Generation

Because SSHA is encrypting the file, SSHA will take on the responsibility for generating the shared key.

Key Sharing

The challenge with a shared secret is the exchange of the key.

...

Shared via Secure Exchange

SSHA generates the shared key and passes it to TIS, which adds the key to a property file in WebSphere.

...

Keystore

The shared key is generated using the Java Keytool and is saved in a password-protected keystore (using a store type of PKCS12).

SSHA extracts the key from the store and uses it




Generate Keys in

Key Pair (bash):
[desktop@luxor RgiEnc]$ openssl version
OpenSSL 1.1.1d FIPS  10 Sep 2019
[desktop@luxor RgiEnc]$ openssl genrsa -des3 -out secret.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
.................................................................................+++++
......................................................................................+++++
e is 65537 (0x010001)
Enter pass phrase for secret.key:
Verifying - Enter pass phrase for secret.key:
[desktop@luxor RgiEnc]$ openssl rsa -in secret.key -out public.key -outform PEM -pubout
Enter pass phrase for secret.key:
writing RSA key

...