Cryptographic Operations

Author

Torben Pedersen, CRM

The crypto manager offers cryptographic operations through a cryptographic module. Operations are called by using the static methods of the CryptoManager. The following operations are available

Key generation (public/private key pairs and conventional keys)
Random bit generator (which is also used indirectly for key generation)
Making and verifying signatures
Making and verifying MAC values
Public key encryption/decryption
Conventional encryption/decryption
Operations with a master key (as key encryption key)

The initialisation does three things:

Loads the correct module (for the moment this is a default module, CRMModule ).
Initialises the pseudo random generator (PRG) of the module (the first time this is based on a user supplied seed - entered through TINGUIN - later initialisations uses a seed stored in the archive). The class CryptoSeed contains this seed.
Loads the master key from archive (the very first time a master key is generated)

Prior to initialisation, the cryptographic manager can be used for some operations (conventional encryption, hashing, MAC generation/verification) using keys that are not protected by the master key.

The random seed is currently not entered by the user, as the Tinguin interface only works properly on Windows 95. If, however, you want to test this (on Windows 95), change the "seed = new byte[16]; // getSeedFromUser();" lines in CryptoMan.java to read "seed = getSeedFromUser();" (2 occurrences).

Initialisation of the Crypto Manager requires the userid as input parameter. If this parameter can be read (e.g., from preferences) this can be avoided in future versions.

The present version has been tested on Linux with RSA and DES as cryptographic algorithms. Test programs can be found in "semper/src/semper/statement/Test". The program "semper/src/semper/statement/Test/TCrypto" tests storage and retrieval of the key in archive. However, for the moment it requires that databases are cleared between each test (rm *.db). Thus for the moment the programs can only be used to illustrate the use of the CryptoManager and the Statement services . Libraries for WIN95, SOLARIS and LINUX are on the server. See the file "readme.txt" in the crypto directory for more information.

Cryptographic keys are handled by CryptoKeyInfo objects. Such an object can either contain a handle to the key or the actual key value. These objects also contain information (Capabilities) needed to control use of the keys. Whenever a key is needed it is verified that the capability corresponding to the key is unlocked. It is up to the entity generating the key to add a capability to the key. Due to problems of the Access Control Manager this has not been tested thoroughly.

Keys can be stored using storeKeyVal . In this operation the user can ask that the key be encrypted under the masterKey (default) or some other key before storage. Keys can be retrieved using getKeyVal . Here the user can either ask for the encrypted key or that it shoud be decrypted first. Again the masterKey of CryptoMan is the default key.

The master key is generated when SEMPER is installed or run the very first time using generateMasterKey . Later, the key is read from storage during initialisation of the CryptoManager. The master key is protected (by encryption) under a password chosen by the user. Thus usage of the master key depend on the password being typed in by the user on initialisation. As we don't know how to use the Access Control Manager for selecting and getting this password when the master key is generated, we currently use a default password.

To be done

Adding password handling for protecting the master key
Testing
Suppport more than one module by the manager
Test more cryptographic algorithms
We consider moving the CryptoKeyInfo to be part of the module together with handling of the master key, as is probably done better outside the manager. This will not be done before the first trial.

Date: August 23, 1996 .