1

Is there an encryption algorithm that allows more than one key to decrypt and encrypt?

A = Key one
B = Key two

Data exchange should be possible as follows

1. Clear Text == A ==> Encrypted == B ==> Clear Text
2. Clear Text == B ==> Encrypted == A ==> Clear Text

EDIT 1:
Algorithm should be available in Java.

EDIT 2: Broader picture
A database stores encrypted data. Most of the users have to read and write (decrypt and encrypt) a small portion of the data using their personal password. Some users need to access (decrypt and encrypt) all of the data, using their personal password.
Members of both user groups must not know any password other than their own.

2

2 Answers

2

This is typically solved by storing a symmetric key encrypted under one or more public keys.

The symmetric key is used to encrypt the data in your database. Each user has an asymmetric key pair. If the user has the right to view a piece of data, you must store a copy of the symmetric key encrypted under the user's public key.

This is all achievable in Java. Cipher.WRAP_MODE can be used for the key wrapping/un-wrapping.

Because you mentioned Java as a constraint, I felt this question was just about on-topic. But note that general discussions about cryptography and security design are off-topic for Stack Overflow.


1 Comment

Thank you Duncan. Found this about Cipher.WRAP_MODE: flylib.com/books/en/1.274.1.29/1
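
The scheme this answer describes, as an added Java example (not code from the answer or its author): one AES data key encrypts the data, and a copy of that key is wrapped under each authorized user's RSA public key with `Cipher.WRAP_MODE`. The class name, the `user`/`admin` key pairs and the sample plaintext are constructed for illustration; how each user's private key is protected by their personal password is outside the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;

public class WrappedKeyDemo {
    static final String WRAP_ALG = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    // One wrapped copy of the data key is stored per user allowed to access the data.
    static byte[] wrap(SecretKey dataKey, PublicKey userPublic) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(WRAP_ALG);
        c.init(Cipher.WRAP_MODE, userPublic);
        return c.wrap(dataKey);
    }

    // Only the holder of the matching private key can recover the data key.
    static SecretKey unwrap(byte[] wrapped, PrivateKey userPrivate) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(WRAP_ALG);
        c.init(Cipher.UNWRAP_MODE, userPrivate);
        return (SecretKey) c.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
    }

    // AES-GCM with a fresh 12-byte IV per encryption; the IV is stored next to the ciphertext.
    static byte[] aesGcm(int mode, SecretKey key, byte[] iv, byte[] in) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, key, new GCMParameterSpec(128, iv));
        return c.doFinal(in);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair user = kpg.generateKeyPair();   // hypothetical regular user
        KeyPair admin = kpg.generateKeyPair();  // hypothetical user with access to all data

        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey dataKey = kg.generateKey();
        byte[] forUser = wrap(dataKey, user.getPublic());    // stored in the database
        byte[] forAdmin = wrap(dataKey, admin.getPublic());  // stored in the database

        // The regular user writes a record (constructed sample value).
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        byte[] ct = aesGcm(Cipher.ENCRYPT_MODE, unwrap(forUser, user.getPrivate()), iv,
                "constructed sample row".getBytes(StandardCharsets.UTF_8));

        // The admin reads the same record using a different private key.
        byte[] pt = aesGcm(Cipher.DECRYPT_MODE, unwrap(forAdmin, admin.getPrivate()), iv, ct);
        System.out.println(new String(pt, StandardCharsets.UTF_8));
    }
}
```
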
2

If A is public key and B the corresponding private key (or the other way around) in a PKI system, then yes, otherwise no.

UPDATE: You have provided the "broader picture" now, and I'm afraid the answer has become: no, you can't do that. To understand why, you need to realize that both groups need to be able to encrypt and decrypt. So your requirements really are:

  1. Clear Text == A ==> Encrypted == B ==> Clear Text
  2. Clear Text == B ==> Encrypted == A ==> Clear Text
  3. Clear Text == A ==> Encrypted == A ==> Clear Text
  4. Clear Text == B ==> Encrypted == B ==> Clear Text

The best you can do is use some authorization mechanism to control who has access to the data, and store the data itself unencrypted.

2 Comments

Am I able to encrypt data with the private key?
Some APIs may not allow you to do that directly, but yes, it is possible. In fact this is the basis for a digital signature: being able to decrypt with someone's public key proves that the data was encrypted with the corresponding private key. Only in reality, for performance's sake, a hash is encrypted instead of the entire document to produce a digital signature.
