Can a KeyCzar encrypted file be decrypted using a different set of cryptography tools?

270 views
Skip to first unread message

Colby Malo

unread,
Oct 13, 2015, 9:49:09 PM10/13/15
to Keyczar Discuss
Hey everyone,

I'm new to cryptography and certainly new to KeyCzar and I'm trying to understand what is required to decrypt my files if I use this library in a solution. Does a file encrypted using KeyCzar have to be decrypted using KeyCzar as well? Or can another library and/or tool set decrypt the file as long as the encryption type, encryption mode, and key are known?

Will Sargent

unread,
Oct 13, 2015, 10:06:44 PM10/13/15
to keyczar...@googlegroups.com

On Tue, Oct 13, 2015 at 2:37 PM, Colby Malo <cmalo...@gmail.com> wrote:
Hey everyone,

I'm new to cryptography and certainly new to KeyCzar and I'm trying to understand what is required to decrypt my files if I use this library in a solution. Does a file encrypted using KeyCzar have to be decrypted using KeyCzar as well? Or can another library and/or tool set decrypt the file as long as the encryption type, encryption mode, and key are known?

--
You received this message because you are subscribed to the Google Groups "Keyczar Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keyczar-discu...@googlegroups.com.
To post to this group, send email to keyczar...@googlegroups.com.
Visit this group at http://groups.google.com/group/keyczar-discuss.
For more options, visit https://groups.google.com/d/optout.

Will Sargent

unread,
Oct 13, 2015, 11:28:45 PM10/13/15
to keyczar...@googlegroups.com
Yes, the file encrypted with keyczar has to be decrypted with keyczar, because the output from a Crypter is in the Ciphertext format described.  It's not raw ciphertext.

Colby Malo

unread,
Oct 14, 2015, 4:54:37 PM10/14/15
to Keyczar Discuss
Thank you, I really appreciate your response. That helped clear some things up for me. I was really hoping to use KeyCzar but it sounds like I'll have to find something else. 

I'm trying to implement an encryption solution in a program but I'm getting lost. Basically, I need to encrypt a file and send it to another person who will then decrypt the file using their system. I thought that all they would need to do that was the form of encryption (AES, RSA, etc) and the key, but I was wrong. I've been asking people on StackExchange trying to learn what I need to implement this, but I can't seem to get a straight answer. I just want to find out if what I'm trying to do is possible. And if it is, what info does the person decrypting the file need to know about the encryption process to successfully decrypt the file? Sorry, I know this probably isn't the place to ask that, but I didn't think it hurt to try.

Steve Weis

unread,
Oct 14, 2015, 5:11:47 PM10/14/15
to Keyczar Discuss
Hi Colby. Keyczar is a library and is not the right tool if you just want to encrypt a file to send someone. It's might be useful if you were a developer writing a file encryption tool from scratch, but not as an end-user.

GPG is probably your best bet.

Here's the relevant page from the GPG handbook: https://www.gnupg.org/gph/en/manual/x110.html

The EFF has installation tutorials here: https://ssd.eff.org/

(It has weak crypto, but a password-protected zip with "zip -e" might be sufficient if you're just trying to protect against casual snoops. Everybody has zip and can open it with a password you give them out of band.)

Colby Malo

unread,
Oct 23, 2015, 11:11:37 AM10/23/15
to Keyczar Discuss
Steve,

Thank you for your response. Sorry it took me so long to reply, I've been swamped lately. 

Actually, I am a developer and I am trying to write my own file encryption tool into a Python program that I'm working on. That's why I was asking about this on StackExchange (specifically StackOverflow). Sorry, I should have clarified that. 

I don't necessarily want to build one from scratch, because I'm just learning about cryptography. And I don't feel that I have a good enough understanding about cryptography to build one from scratch, let alone build one that is safe to use. Which is why I've been looking for libraries to help me get started. 

Basically, my program is an automated tool that generates a particular report from a set of data and then sends it some end-point. Now I need to implement a feature to encrypt the file before sending it to the end-point. Then the entity receiving the encrypted file needs to be able to decrypt the file using the tools in their system. 

The problem I'm running into is that I'm not sure what information the other person needs to successfully decrypt the file. Being new to cryptography, I thought all they would need to know is the form of encryption used (AES-256, RSA-2048, etc) and the appropriate key to decrypt but I was completely wrong. So now I'm stuck because I'm not sure how to implement a solution that will enable me to encrypt the file and have the receiving entity be able to decrypt the file on their side. I was hoping to use Keyczar because it's a solid tool and it's simple to use but that is no longer an option because the receiving party cannot use it.

What would you suggest? What info about the encryption process does the receiving entity need to know so they can decrypt?

Shawn Willden

unread,
Oct 23, 2015, 12:00:16 PM10/23/15
to keyczar...@googlegroups.com
On Fri, Oct 23, 2015 at 9:11 AM Colby Malo <cmalo...@gmail.com> wrote:
What would you suggest? What info about the encryption process does the receiving entity need to know so they can decrypt?

This is probably not a terribly effective approach, but if you can tell us how you're using Keyczar to encrypt (what key type, what encrypter class, etc.), we can probably describe what needs to be done to decrypt and verify. It won't be particularly easy, though.

Why can your recipient not use Keyczar? 
--
Shawn Willden | Software Engineer | swil...@google.com | 303-709-2258

nancy

unread,
Oct 29, 2015, 11:47:52 AM10/29/15
to Keyczar Discuss
Hi, We are trying to implement a new java security framework in new project where we used BouncyCastle before with AES for crypto, So I am not much familiar with this..Can anyone elaborate the advantages of Keyczar on Apache Shiro, Jasypt, BouncyCastle, ESAPI and etc. Else any other security framework which is more secure, easy and fast.

Will Sargent

unread,
Oct 29, 2015, 12:30:32 PM10/29/15
to keyczar...@googlegroups.com
Keyczar puts together crypto primitives in a safe way.  All the others you mention do not.  In addition, BouncyCastle is more of a crypto primitive library than an end user library, ESAPI is more about general web security than cryptography, Jasypt has a bad habit of inventing its own crypto, and Shiro puts a cleaner API on top of JCE, but does not help you to avoid bad crypto habits like IV/key reuse, etc.  


If you are looking for competitors to Keyczar, you should look at Kalium, a Java wrapper over libsodium:


Kalium doesn't have any documentation in itself, so you need to look at the classes to see exactly how libsodium is wrapped:


and then the documentation is in libsodium itself:


If you want more information on why crypto is hard and why you should use Keyczar or Kalium:



--

Shawn Willden

unread,
Oct 29, 2015, 12:55:05 PM10/29/15
to keyczar...@googlegroups.com
Excellent answer, Will. Mine wasn't nearly as good, so I'll just delete it.

nancy

unread,
Oct 29, 2015, 1:54:43 PM10/29/15
to Keyczar Discuss
Thank you Will.
Reply all
Reply to author
Forward
0 new messages