All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.refcodes.forwardsecrecy.EncryptionService Maven / Gradle / Ivy

// /////////////////////////////////////////////////////////////////////////////
// REFCODES.ORG
// =============================================================================
// This code is copyright (c) by Siegfried Steiner, Munich, Germany and licensed
// under the following (see "http://en.wikipedia.org/wiki/Multi-licensing")
// licenses:
// =============================================================================
// GNU General Public License, v3.0 ("http://www.gnu.org/licenses/gpl-3.0.html")
// together with the GPL linking exception applied; as being applied by the GNU
// Classpath ("http://www.gnu.org/software/classpath/license.html")
// =============================================================================
// Apache License, v2.0 ("http://www.apache.org/licenses/LICENSE-2.0")
// =============================================================================
// Please contact the copyright holding author(s) of the software artifacts in
// question for licensing issues not being covered by the above listed licenses,
// also regarding commercial licensing models or regarding the compatibility
// with other open source licenses.
// /////////////////////////////////////////////////////////////////////////////

package org.refcodes.forwardsecrecy;

import org.refcodes.forwardsecrecy.generators.CipherVersionGenerator;

/**
 * An {@link EncryptionService} is bound to a single namespace and creates
 * unique {@link CipherVersion} instances for that namespace.
 * 

* The {@link EncryptionService} may make use of an encryption server persisting * {@link CipherVersion} instances per namespace. It could actually generate a * dedicated cipher just once, so any unauthorized system having access to the * ciphers gets a different cipher not used by any of the authorized * participant. Never two participants will encrypt with the same cipher (taken * the probability that two participants generate the same cipher is very low * and nearly never to happen; in case it happens there is still no security * risk). The key advantage is that if an intruder can also retrieve ciphers, * those ciphers being retrieved are never used by other systems for encryption * as a cipher version is bound to the requester. *

* To later determine which cipher to use when decrypting data, each cipher has * a cipher UDI assigned to it (a cipher UID and cipher make up a * {@link CipherVersion}). Encrypted data is prefixed with this cipher UID so * later it is easy to determine which cipher is responsible for decryption. The * cipher UID is assumed to be public as it's generation must be completely * independent from the cipher itself. Unauthorized systems having access to the * cipher UID cannot reverse calculate the cipher *

* There is not even a relation between cipher and cipher UID in terms if hash * code. This means using brute force approaches with rainbow tables or * whatsoever to reconstruct the cipher from the cipher UID is to fail. *

* Depending on the implementation, the {@link EncryptionService} makes use of a * public key of an asymmetric encryption approach for encrypting the * {@link CipherVersion} instances; to be persisted by the encryption server. *

* Encrypting only the cipher is sufficient, the cipher UID can be stored in * plain text; it securely can be assumed to be public. As said before, any * intruder knowing the cipher UIDs does not weaken the forward secrecy * cryptography infrastructure as knowing the cipher UIDs is only of use with * the according ciphers; which cannot be calculated from the cipher UIDs. */ public interface EncryptionService extends CipherVersionGenerator {}





© 2015 - 2025 Weber Informatics LLC | Privacy Policy