
I'm implementing a way for users to share messages with other users. All users and admin-users have a unique key pair. A message can be sent from one user to multiple users.

Admin-users always have access to all messages. In case a user loses his password and then makes a new password (with a forgot-password email link), the admin-user can decrypt the message with the admin-user private key and encrypt it with the user's new public key.

Is there a way to automate this process, securely of course?

I was thinking of sending a mail to a local server (not connected to the webserver), so the local server can log in to the site as admin-user and give the user access when they have changed their passwords.

1 Answer


First, don't re-encrypt messages, encrypt message decryption keys. It is far more efficient to produce a symmetric key for each message and then encrypt it to each user's keyring that should have access. If admin users have access to all messages, you could add the private keys of all users to a keyring and then simply return the private key to the user after their password is changed. This should probably not be an automated process though as you need to make sure that the user is the correct person first or there isn't much point to the encryption. Further, you want to avoid storing keys on the server, which means some admin user needs to be logged in to unlock the user's private key for their account.

AJ Henderson
  • Can you please explain why I should avoid storing the key pairs on the server? – bullyduckyy Jun 04 '14 at 14:42
  • The point of using encryption is that if the DB or server is compromised, an attacker can't access the data. If you store the encryption keys in an accessible format, then the encryption does nothing. You should have to unlock the encryption keys before they can be used. Normally this would be done by the user's password (the key is still stored on the server, but it is protected by a key derived from the user's password). – AJ Henderson Jun 04 '14 at 14:44
  • Well, the public and private keys are created from the user's password, so the attacker would not be able to decrypt anything without the user's password. – bullyduckyy Jun 04 '14 at 14:47
  • @bullyduckyy - You seem to have a pretty substantial lack of understanding about how asymmetric cryptography works. You don't make an asymmetric keypair from a password. You (generally) make it from random pseudo-primes and then encrypt the private key with a symmetric key derived from the user's password (and possibly another public key if you need an administrative recovery) and store the public key unencrypted so that other parts of the system can encrypt stuff for that user. – AJ Henderson Jun 04 '14 at 14:50
  • Maybe I'm bad at explaining, will you please look at this http://pastebin.com/awgXA4tT and tell me if it's ok? I can see your point about not saving the private key, but I will have to save the public key, right? (The surrogate key is like this example: http://security.stackexchange.com/questions/18991/is-it-safe-to-store-password-in-php-session/18998#18998 ) – bullyduckyy Jun 04 '14 at 14:57
  • @bullyduckyy - that isn't deriving the key from the password you give it. It is using the password to encrypt the private key. If you used that twice, you would get different keys. Storing public keys is fine (and necessary), that's why they are public. What polynomial is describing in that post is what I am trying to describe in my answer here (roughly). – AJ Henderson Jun 04 '14 at 14:59
  • Okay, so should I still avoid saving the encrypted private key in the database? – bullyduckyy Jun 04 '14 at 15:01
  • No, you should store the encrypted private key, but should only store the form that is encrypted based on the user's password or the admin password. This is why an admin needs to take action to unlock a password reset. Because without the password, the user can't access their private key, so an admin must unlock their copy of the private key and then provide it to the user to be encrypted using the user's new password. – AJ Henderson Jun 04 '14 at 15:02
  • Do you know anywhere I can read about the admin copy of the private key? Thanks for the help! – bullyduckyy Jun 04 '14 at 15:06
  • @bullyduckyy - it is basically the same as the user version, you just encrypt it with a public key rather than a symmetric one derived from the user's password (since the user doesn't have access to the admin account) – AJ Henderson Jun 04 '14 at 15:07
  • Ah, so when the user's public and private keys are created, encrypt the user's unencrypted private_key with the admin's public key... – bullyduckyy Jun 04 '14 at 15:12