0

As title says, I've generated primary key as:

  async function generateKey() {
    const key = await window.crypto.subtle.generateKey(
        {
            name: "AES-GCM",
            length: 256,
        },
        true, 
        ["encrypt", "decrypt"] 
    );
    return key;
}

and encrypted this key using derived key as:

  async function encryptPrimaryKey(primaryKey: any, derivedKey: any, iv: any) {
    const encryptedKey = await window.crypto.subtle.encrypt(
      { name: "AES-GCM", iv: iv },
      derivedKey,
      primaryKey
    );
    return encryptedKey;
  }

where derivedkey itself is generated using user's password as:

 async function deriveKey(salt: any, passphrase: string = "password") {
    const encoder = new TextEncoder();
    const keyMaterial = await window.crypto.subtle.importKey(
      "raw",
      encoder.encode(passphrase),
      { name: "PBKDF2" },
      false,
      ["deriveKey"]
    );
    
    const derivedKey = await window.crypto.subtle.deriveKey(
      {
        name: "PBKDF2",
        salt: salt,
        iterations: 100000,
        hash: "SHA-256",
      },
      keyMaterial,
      { name: "AES-GCM", length: 256 },
      false,
      ["encrypt", "decrypt"]
    );
    return { derivedKey, salt };
  }

This encrypted primary key is thus send to server for its storage. User will able to get primary key for encrypting their data in client side as long as they have their password. But if they forgot password, how will user get primary key as server only stores it in encypted form?

How can recovery mechanism be implmented?

Improve this question
3
  • 1
    You can't. And that should be intuitively clear: If you could decrypt primaryKey without the password, anyone could do it and encryption would be pointless. Commented May 9, 2024 at 12:03
  • @Topaco I mean how to implement recovery key(?) or something like that, so that user having recovery can get their primary key unencrypted. Commented May 9, 2024 at 12:08
  • 1
    You have already introduced the concept of key wrapping; the primary key is wrapped with the derived key. One way to introduce a recovery key is to also wrap the primary key in, say, an RSA public key. If the user forgets their password but has kept their private key safe, they can use their private key to unwrap the primary key. Some examples here and here Commented May 9, 2024 at 13:03
Related questions
1
Looking for Java implementation for decrypting a message encrypted using openssl -aes-256-cbc -a -salt command?
1
How secure is my encryption with password script? (Golang, AES256, pbkdf2, hmac)
2
Does Size of Bitstring Matter in Hashing Functions?
Load 6 more related questions Show fewer related questions

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.