Interface EncryptionService
-
- All Superinterfaces:
CipherVersionGenerator<CipherVersion>
,org.refcodes.generator.Generator<CipherVersion>
,Iterator<CipherVersion>
- All Known Implementing Classes:
AbstractEncryptionService
,LoopbackEncryptionService
,PublicKeyEncryptionService
public interface EncryptionService extends CipherVersionGenerator<CipherVersion>
AnEncryptionService
is bound to a single namespace and creates uniqueCipherVersion
instances for that namespace.The
EncryptionService
may make use of an encryption server persistingCipherVersion
instances per namespace. It could actually generate a dedicated cipher just once, so any unauthorized system having access to the ciphers gets a different cipher not used by any of the authorized participant. Never two participants will encrypt with the same cipher (taken the probability that two participants generate the same cipher is very low and nearly never to happen; in case it happens there is still no security risk). The key advantage is that if an intruder can also retrieve ciphers, those ciphers being retrieved are never used by other systems for encryption as a cipher version is bound to the requester.To later determine which cipher to use when decrypting data, each cipher has a cipher UDI assigned to it (a cipher UID and cipher make up a
CipherVersion
). Encrypted data is prefixed with this cipher UID so later it is easy to determine which cipher is responsible for decryption. The cipher UID is assumed to be public as it's generation must be completely independent from the cipher itself. Unauthorized systems having access to the cipher UID cannot reverse calculate the cipherThere is not even a relation between cipher and cipher UID in terms of hash code. This means using brute force approaches with rainbow tables or whatsoever to reconstruct the cipher from the cipher UID is to fail.
Depending on the implementation, the
EncryptionService
makes use of a public key of an asymmetric encryption approach for encrypting theCipherVersion
instances; to be persisted by the encryption server.Encrypting only the cipher is sufficient, the cipher UID can be stored in plain text; it securely can be assumed to be public. As said before, any intruder knowing the cipher UIDs does not weaken the forward secrecy cryptography infrastructure as knowing the cipher UIDs is only of use with the according ciphers; which cannot be calculated from the cipher UIDs.
-
-
Method Summary
-
Methods inherited from interface org.refcodes.forwardsecrecy.CipherVersionGenerator
next
-
Methods inherited from interface java.util.Iterator
forEachRemaining, remove
-
-