Password Based Encryption - Integratingfactor/lib-idp-crypto GitHub Wiki

When is PBE used?

Password based encryption will be used to store a user's private data that server does not need to access internally. This data should only be used when initiated with a user request, and should always require user's pass phrase for retrieval/access.

Storing credit cards information with PBE only makes sense if each and every transaction is user initiated (so cannot perform recurring billing using stored credit card information, for e.g.), and this where Paypal's Subscription billing plans may be used to generate a separate billing plan resource ID, which can be stored with server side encryption and managed by server internally.

How is PBE used?

PBE Initialization

When a user is on-boarded in an org, we'll create a new PBE defintion for the user consisting of following information:

  • PBE generator algorithm
  • Encryption algorithm
  • a secured random salt
  • key derivation count
  • key size
  • (optional) cipher initialization vector

Reason we need this PBE definition is so that PBE keys can be regenerated as needed with user's passphrase, without having to store the passphrase in the key vault.

Above information will be specific to a user/org, and MUST be used for securely storing any sensitive and private user data by the applications registered for the project.

PBE Usage

  • Library will provide class declarations to define PBE key definition/specs
  • Library will provide factory classes to generate and initialize with keys and ciphers using the key definition class object AND user's passphrase
  • Library will provide factory methods to encrypt plaintext into ciphertext with embedded IV and Key version information in ciphertext
  • Library will provide factory method to decrypt ciphertext into plaintext and key version
  • IDP will use PBE keys to encrypt/decrypt user's private secret keys
  • When application requests user's private secret key, IDP will decrypt on the fly using PBE
  • Application does not gets actual PBE, only gets user's private key secured with PBE

Sample PBE flow

Following illustration shows a sample flow on how PBE keys are used (and disposed): PBE usage