1

Is there an encryption algorithm that allows more than one key to decrypt and encrypt?

A = Key one
B = Key two

Data exchange should be possible as follows

1. Clear Text == A ==> Encrypted == B ==> Clear Text
2. Clear Text == B ==> Encrypted == A ==> Clear Text

EDIT 1:
Algorithm should be available in Java.

EDIT 2: Broader picture
A database stores encrypted data. Most of the users have to read and write (decrypt and encrypt) a small portion of the data using their personal password. Some users need to access (decrypt and encrypt) all of the data, using their personal password.
Members of both user groups must not know any password other than their own.

Zeemee
  • Found this: http://stackoverflow.com/questions/597188/encryption-with-multiple-different-keys But I need a Java implementation... – Zeemee Oct 21 '13 at 10:43
  • Why do you want to do this? Sounds like [an XY problem](http://meta.stackexchange.com/a/66378/192221). – Duncan Jones Oct 21 '13 at 11:38

2 Answers

2

If A is public key and B the corresponding private key (or the other way around) in a PKI system, then yes, otherwise no.

UPDATE: You have provided the "broader picture" now, and I'm afraid the answer has become: no, you can't do that. To understand why, you need to realize that both groups need to be able to encrypt and decrypt. So your requirements really are:

  1. Clear Text == A ==> Encrypted == B ==> Clear Text
  2. Clear Text == B ==> Encrypted == A ==> Clear Text
  3. Clear Text == A ==> Encrypted == A ==> Clear Text
  4. Clear Text == B ==> Encrypted == B ==> Clear Text

The best you can do is use some authorization mechanism to control who has access to the data, and store the data itself unencrypted.

Kris Vandermotten
  • Am I able to encrypt data with the private key? – Zeemee Oct 21 '13 at 10:13
  • Some APIs may not allow you to do that directly, but yes it is possible. In fact this is the basis for a digital signature: being able to decrypt with someone's public key proves that the data was encrypted with the corresponding private key. Only in reality, for performance's sake, a hash is encrypted instead of the entire document to produce a digital signature. – Kris Vandermotten Oct 21 '13 at 10:49
2

This is typically solved by storing a symmetric key encrypted under one or more public keys.

The symmetric key is used to encrypt the data in your database. Each user has an asymmetric key pair. If the user has the right to view a piece of data, you must store a copy of the symmetric key encrypted under the user's public key.

This is all achievable in Java. Cipher.WRAP_MODE can be used for the key wrapping/un-wrapping.

Because you mentioned Java as a constraint, I felt this question was just about on-topic. But note that general discussions about cryptography and security design are off-topic for Stack Overflow.

Duncan Jones
  • Thank you Duncan. Found this about Cipher.WRAP_MODE: http://flylib.com/books/en/1.274.1.29/1/ – Zeemee Oct 21 '13 at 14:15
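
The scheme from Duncan Jones's answer, as an added example that is not part of the original answers: one AES data key encrypts the records, and a copy of it is wrapped with `Cipher.WRAP_MODE` under each authorised user's public key, so A and B can each read what the other wrote using only their own private key. The class and method names, the RSA-OAEP and AES-GCM choices, and the sample text are assumptions; how each user's private key is protected (for example under their password) is outside this example.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;

public class SharedDataKeyDemo {
    static final String WRAP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    // Store one wrapped copy of the data key per authorised user.
    static byte[] wrapFor(PublicKey user, SecretKey dataKey) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(WRAP);
        c.init(Cipher.WRAP_MODE, user);
        return c.wrap(dataKey);
    }
    // A user recovers the data key with their own private key only.
    static SecretKey unwrapWith(PrivateKey user, byte[] wrapped) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(WRAP);
        c.init(Cipher.UNWRAP_MODE, user);
        return (SecretKey) c.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
    }
    // AES-GCM with a fresh 12-byte IV per record; output is IV || ciphertext+tag.
    static byte[] encrypt(SecretKey k, byte[] plain) throws GeneralSecurityException {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, k, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain);
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }
    static byte[] decrypt(SecretKey k, byte[] rec) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, k, new GCMParameterSpec(128, rec, 0, 12));
        return c.doFinal(rec, 12, rec.length - 12);
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair a = kpg.generateKeyPair(), b = kpg.generateKeyPair(); // users A and B
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey dataKey = kg.generateKey();
        byte[] forA = wrapFor(a.getPublic(), dataKey), forB = wrapFor(b.getPublic(), dataKey);
        // A writes a record, B reads it (constructed sample text).
        byte[] rec = encrypt(unwrapWith(a.getPrivate(), forA), "constructed sample".getBytes(StandardCharsets.UTF_8));
        System.out.println(new String(decrypt(unwrapWith(b.getPrivate(), forB), rec), StandardCharsets.UTF_8));
    }
}
```

Revoking a user means deleting their wrapped copy and, if they may have kept the data key, generating a new data key and re-encrypting the affected records.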