0

I am trying to encrypt whole EPub's XHTML / HTML files using a private key, and then append a public key in META-INF/encrpytion.xml so that the user would be able to read the book this way. Private / public key pair is unique based on many non-relevant criteria.

Would it somehow be possible to use this encryption scheme? If yes, what encryption.xml structure should I use?

OR, if this is not possible, could I "obfuscate" actual XHTML book files the same as fonts are "obfuscated" in an EPub package?

Thanks, I'm very new to this, and there is no CLEAR specification on how to make your own EPub books ENCRYPTED.

kbs1
  • 35
  • 2
  • 6

1 Answers1

1

First, very loosely speaking, when you encrypt with a private key, it's a digital signature, not an encryption. A recipient can then verify that the message has not been altered by "decrypting" with the public key. It sounds like you are, in fact, intending to encrypt the data, so you are using the keys backward.

Second, asymmetric encryption is used for key transport, not data encryption. The proper way to do it is to use a symmetric algorithm to encrypt the file, then encrypt the symmetric key with the public key of your asymmetric algorithm. Better yet, find a CMS (S/MIME) library to do it for you. Even applying such a library correctly can be hard to get right. You definitely should not try to implement the same functionality from cryptographic primitives.

Finally, if you are trying to create some sort of DRM system, you may as well give up. Copy protection is a legal issue, not a technological issue. You can't lock something up and then give the thief the key.

erickson
  • 265,237
  • 58
  • 395
  • 493
  • The whole point of the scheme is to be able to pinpoint exactly _who_ had shared the EPub file in question, and at the same time make removing the protection more difficult for a normal user. So when the user extracts the ZIP archive, all book XHTML files would be unreadable unless decrypted. Is it possible to write encryption.xml in this way? Fonts can be "obfuscated", can the book files it self be in any way? – kbs1 Feb 23 '13 at 03:32
  • @kbs1 In that case, what you'd want is some sort of digital watermark embedded in the content. This is common in image files, but developing a resilient watermark for XHTML's plain text seems really challenging. However, I suggest [learning more about them](http://en.wikipedia.org/wiki/Digital_watermark) to see if that is what you are after. – erickson Feb 23 '13 at 15:45
  • Thanks, that's partially what I am after. We plan to combine social DRM with some other methods of protection, the suggested scheme being one of them. – kbs1 Feb 23 '13 at 20:45