How to devise cryptographic system with sharing ability

I am writing a application. For my application the data of the users should be encrypted in the database. The users should also be able to share data with other users. To that end I want to you RSA encryption.

My intended implementation is as follows: The public key of the user is stored in the database. Data that is to be shared with another user is encrypted with that users public key and stored in the database. Now, here are two problems I am facing with this approach:

1.) I want the public/private key pair to be derived from the user password so as to not have it stored anywhere unsafely on disk. Whenever the user logs into the application, the private key is derived and user data can be de-/encrypted. My question is, how can I derive an RSA key pair from the password?

2.) If the user resets their password, no previously encrypted data can be decrypted anymore, as that would require the user’s old password in order to derive the private key. As far as I know, one solution to this problem is to encrypt/decrypt using a randomly generated data encryption key that doesn’t ever change, and to then encrypt that key using a password based key. But then how can a user share encrypted data with other users? For that the user would have to also share their password based key in order to grant access to the public data encryption key, which obviously is against the whole point of encryption.

So, how do I go about reconciling and solving both of these issues?

Can I use my own implementation of a widely used, supposedly secure cryptographic algorithm for securing data at rest?

I know you shouldn’t roll your own crypto and generally its not a good idea to implement (and then deploy) any extensively tested and recommended algorithms by yourself either.

I have already seen this question, and as far as I understand, the main problem with implementing things yourself is that you will probably remain vulnerable to a host of side-channel attacks.

But suppose I have already implemented AES (just for fun and as a learning experience). What if I now use that implementation for simply encrypting files locally (and then perhaps back them up on the cloud or on removable media)? Since nobody other than me would be using the implementation, most of the side channel attacks would not apply. For instance, since no attacker can request an encryption/decryption (the way it works with a server), no timing attack can be carried out. Would this scenario be sufficiently secure?

In other words would using my own implementation of AES provide security for data at rest or will using it still be a stupid idea?

Is there such a cryptographic algorithm?

Is there such a cryptographic algorithm that will encrypt any file with a password. But when decrypting, if the password is incorrect, the file will be decrypted, but instead of relevant data there will be “garbage”. It is important to note that I’m not talking about the ability to generate a file with garbage if the password is incorrect. I mean, that would be as if built into the algorithm itself. Is there something similar that I described? And if not, which way can I dig?

Can I use a cryptographic hash function to prove my authorship of an anonymous article?

From what I understand, hash functions are one-way functions. Let’s say that I want to publish an opinion article anonymously, but there is a possibility that I later want to prove that I was the one that wrote the article. Is it possible for me to simply put my identifying information, such as my name, birthday, and social security number, into a cryptographic hash function, and place that hash as my “pseudonym”? The question is the same question as Deniable proof of authorship, but I don’t understand the answer, and I’m not sure if the answer pertains to the use of a hash function.

If this works, are there any downsides? Are there common mistakes that people like me make? I don’t see a way to break this function other than to enter the identifying information of every single person in the world and see if it matches the pseudonym.

Also, what is a PGP? When I was searching my question on the internet, this term popped up quite often.

Please let me know if this is not the correct place to post this question.

How to generate short fixed length cryptographic hashs?

I am trying to implement a kind of email verification system with a node.js server with no state.

The strategy

  1. User sends his email to the server
  2. Server generate a 4 digits code based on the email address and sends it to the user via email.
  3. User sends back the received code via email + the email address to the server
  4. Server re-generates the 4 digits code based on the email and compares it with the code sent by the user.

My implementation to generate the 4 digits code

  1. Create a HEX digest using HMAC SHA-256 hash function
  2. Take the first 3 characters of the digest
  3. Convert them to an integer
  4. If length < 4, concatenates one or multiples 0 at the end
const crypto = require('crypto')  const get4DigitsCode = (message) => {   const hash = crypto     .createHmac('sha256', Buffer.from(SECRET_KEY, 'hex'))     .update(message)     .digest('hex')    const first3HexCharacters = hash.slice(0, 3)    const int = parseInt(first3HexCharacters, 16)    let code = int.toString()   code =     Array(4 - code.length)       .fill(0)       .join("") + code    return code } 

After generating codes for 8293 email addresses, I noticed that I had 4758 duplicates. Is it normal to have this amount of duplicates for a code as this sort ? Is my strategy and my implementation secure (ability to guess the code) ?

How is a cryptographic key used as a password when using WiFi? [duplicate]

This question already has an answer here:

  • Four-way Handshake in WPA-Personal (WPA-PSK) 3 answers
  • How does a device send the Wi-Fi password to the router? [duplicate] 1 answer

I have recently come from a post and the accepted answer described the password as a cryptographic key. I have an understanding of RSA, AES and uses of it such as digital signatures however I fail to see how it is used in this case.

Atleast when using SSL, RSA is used to exchange a symmetric key and then use an algorithm such as AES to quickly encrypt and decrypt the message, however the accept answer is inferring the symmetric key is now the password.

Do all users on the network have the same symmetric key, or it is a newly generated symmetric key for each new user? Exactly how does it work, I am assuming the router encrypts using the symmetric key and assumes all connected users can decrypt it, however when how does it store when someone is connected?

Coming from a web architecture, a session token is sent to the server to know if a user is logged in, in this case connected. I do not fully understand what is going on and I was hoping someone to explain.

Cryptographic requirements for GDPR

I’m looking into how to store emails and data regarding GDPR. The reasoning is that it would be beneficial to store users emails linked to certain data (shop data about purchases and questionnaires). E.g.

  • User u email
  • User u purchased product x
  • User u questionnaire about experience of product x

I’ve read into how hashing the emails could allow for pseudonymized data, but I’m not sure if this is enough, for example.

“Although you no longer have the email addresses of all your users, you could easily compare your database to a list of known email addresses to identify which of those people use your service.”


There will always be a situation in which people would be able to recover the anonymised data, so my question is, is hashing of emails enough for GDPR? If not then what is the minimum requirement from a cryptographic point of view?