1

I'm looking a way to do something like this. I don't know how to call it, so i don't know if it exist or how to find it. Some keyword would be welcome :)

String var_1 = "user data";
String fix_1 = "supply data";

String mix = mixer(var_1,fix_1);
// mix = " something fully random "

String var_2 = "user data changed";
String fix_2 = fixer(var_2,mix);

And mix == mixer(var_2, fix_2);

So to resume, I need to generate a random data from 2 variables. 1 is variable from user and 1 is supply by me.

First time , I generate the data with these 2 variables with one function.

Then, if the user data change, with another function, I compute the new supply data with the first result and the new user data. And if I use again the computed data and the new user data, I must obtain the same data computed the first time.

Is there something to do that ? Like some cipher technique or so?

Thanks for Intel.

Nimantha
  • 6,405
  • 6
  • 28
  • 69
  • 1
    You could use the "user data" as a key. "supply data" is the message you encrypt. mixer(var_1, fix_1) encrypts the message fix_1 with the key var_1 (or a hash of var_1). Then fixer decrypts the message with the var_2 key. – user253751 Jul 29 '20 at 22:25
  • What you're describing sounds like a [key derivation function(KDF)](https://en.wikipedia.org/wiki/Key_derivation_function). [Here](https://tools.ietf.org/html/rfc5869) is more detail on one particular KDF. – President James K. Polk Jul 29 '20 at 23:08
  • I gonna check that. But I think it is a way to generate a key with correct length from a password which is too short or just sign/auth data. I can t regenerate a second key from a knowing key and different password. But thinking in another way, my user data is a password, my supply data is a public key and my generate data is a private key. So If I user change his password and I know the private key, I should be able to generate a new public key. I have to check with RSA public/private key if I can do that. Thanks guy –  Jul 29 '20 at 23:30

2 Answers2

0

In fact there is something like this already which may satisfy you needs. In fact you know this function too. It's the good old XOR. And yes, it is used in crypto a lot. In fact it's the core idea of the stream ciphers and the One Time Pad.

It goes like this:

  1. Assume you have a byte array of length n called var_1.
  2. Assume you have a random value fix_1 of the same length.
  3. If you do var_1 XOR fix_1 you get mix.
  4. If you do mix XOR fix_1 you get var_1 again. (Basic math: fix_1 XOR fix_1 equals chain of zero value bytes and var_1 XOR zero bytes = var_1.

This whole thing will be as random and secure as random and secret fix_1 remains. If one of the values is not random the approach is not secure at all.

Marek Puchalski
  • 3,286
  • 2
  • 26
  • 35
  • thanks for your answer. I thought to this, but it is too simple to crack. I just success to do. See my answer. This idea come from a comment and i remember also a post I read about DESede who use something similar to crypt data from 3 Key. –  Jul 30 '20 at 11:55
  • for interesseted people about DESese post look ArtJom answer: https://stackoverflow.com/questions/28875731/generating-and-using-two-keys-for-encryption-and-decryption-in-java –  Jul 30 '20 at 11:58
0

So following the idea of User253751 in comment, I was able to do it.

Step:

  • generate the private constant key => privateKey = encrypt(publicKey, Password_1) (the first public key is random )
  • if password change, generate a new public key by decoding the private constant key with password_2 => publicKey_Updated = decrypt(privateKey, Password_2)
  • Check if the new public key is valid : privateKey_Rebuild = encrypt(publicKey_Updated, Password_2) ====> if everything is ok, privateKey == privateKey_Rebuild.

---> I test it only with a low cryptage i use just for obfuscation, but it should work with symmetric key too. I'm not sur about Asymetric key, because to make this work, you need a crypting protocol who always give you the same crypted data with the same input. And RSA do not gave you the same crypted data even with the same input.

Here my code (not a copy/paste snippet beacause it use my own library), but you can catch the idea easily with the function name.

        KeyObfusc publicKey_1 = KeyObfusc.fromPassword("publicKey_1");
        KeyObfusc password_1 = KeyObfusc.fromPassword("password_1");
        Encoder encoder_1 = new Encoder(password_1, CipherFormat.HEX);
        Decoder decoder_1 = new Decoder(password_1, CipherFormat.HEX);
        byte[] privateKey = encoder_1.toBytes(publicKey_1.getEncoded());
        byte[] publicKey_1_Rebuild = decoder_1.fromBytesToBytes(privateKey);

        LogDelay.send("password_1 : " + BytesTo.stringHex(password_1.getEncoded()));
        LogDelay.send("publicKey_1 : " + BytesTo.stringHex(publicKey_1.getEncoded()));
        LogDelay.send("privateKey : " + BytesTo.stringHex(privateKey));
        LogDelay.send("publicKey_1 Rebuild : " + Arrays.equals(publicKey_1.getEncoded(), publicKey_1_Rebuild) +
                 " " + BytesTo.stringHex(publicKey_1_Rebuild));
        LogDelay.send();

        KeyObfusc password_2 = KeyObfusc.fromPassword("password_2");
        Encoder encoder_2 = new Encoder(password_2, CipherFormat.HEX);
        Decoder decoder_2 = new Decoder(password_2, CipherFormat.HEX);
        byte[] publicKey_2 = decoder_2.fromBytesToBytes(privateKey);
        byte[] privateKey_Rebuild = encoder_2.toBytes(publicKey_2);

        LogDelay.send("password_2 : " + BytesTo.stringHex(password_2.getEncoded()));
        LogDelay.send("publicKey_2 : " + BytesTo.stringHex(publicKey_2));
        LogDelay.send("privateKey Rebuild: " + Arrays.equals(privateKey, privateKey_Rebuild) +
                " " + BytesTo.stringHex(privateKey_Rebuild));
        LogDelay.send();
  • So just for info, I did it with AES/CTR/NoPadding and this works too. But it can not work with AES/CBC/PKCS7Padding because when you try to decrypt the data with a differente key from the encrypting, you got an BadPadding error on your private key. –  Jul 30 '20 at 15:25