tink icon indicating copy to clipboard operation
tink copied to clipboard

Published 20 hours ago verified publisher icon tink-crypto

Dervied keys?

Open glenjamin opened this issue 3 years ago • 2 comments

Help us help you

Please tell us more about your Tink deployment.

n/a

Is your feature request related to a problem?

vault supports a concept it calls "derived keys", the short version is:

Key derivation is supported, which allows the same key to be used for multiple purposes by deriving a new key based on a user-supplied context value.

This enables things like per-row encryption keys for data stored in a database, such that even if an attacker had a database dump and could brute force the first encryption key, that key would not decrypt the other rows in the database.

I don't know what this is doing under the hood, but I assume it's combining the original key material with the user-supplied data, applying a sufficiently safe hash, and then using that as the encryption/decryption key

Describe the solution you'd like

It would be neat if the AEAD interface supported doing something like this.

Describe alternatives you've considered

Is this actually a useful property? As I was writing this ticket I started to wonder whether this is really actually more secure than a single secure key.

Or maybe this is already supported in some fashion, and I've failed to grok the docs properly.

Additional context

The relevant vault docs which mention this: https://www.vaultproject.io/docs/secrets/transit

glenjamin avatar Jan 06 '21 19:01 glenjamin

Yes, this is a useful feature. At Google we use this in several products, though not with user-supplied data because users tend to forget or lose data. Instead, we usually derive keys from the user ID.

Our internal version of Tink already supports this. We'll discuss when we can release it and come back once we have a date or something.

thaidn avatar Jan 20 '21 06:01 thaidn

Any word on this? We're looking into incorporating some new scenarios and this would be very handy.

If there's still more work before it can be added to core, is there a way to do this securely from outside the library?

glenjamin avatar Mar 17 '21 18:03 glenjamin

We are working on this.

juergw avatar Jan 31 '23 09:01 juergw

Key derivation is now supported in Java [1], C++ [2], and Golang [3]. Please see example usage below.

[1] https://github.com/tink-crypto/tink-java/blob/541ea31aa0b33e12165678aac553fb1bc32a8f9d/src/test/java/com/google/crypto/tink/keyderivation/KeyDerivationTest.java#L57 [2] https://github.com/tink-crypto/tink-cc/blob/452ddddaef20163520f4e648b1b83f16849d1d10/tink/keyderivation/key_derivation_config_test.cc#L42 [3] https://github.com/google/tink/blob/9bc2667963e20eb42611b7581e570f0dddf65a2b/go/keyderivation/keyderivation_test.go

cindylindeed avatar May 18 '23 22:05 cindylindeed