Installation
============

# This part describes the installation of cpabe and peks.
# You will need to install some official packages that can be
# retrieved online on official repositories.
# You will also need to install 3 libraries manually.
# Root privileges are required

# Install official packages:
# build-essential and autotools-dev for compilation and installation
# libglib2.0-dev for the glib library
# libgmp3-dev for the GMP library
# flex and bison are necessary for the libbswabe library
# libssl-dev is necessary for the crypto operations

`sudo apt-get install build-essential autotools-dev libglib2.0-dev libgmp3-dev flex bison libssl-dev`

# Three libraries have to be installed manually:
# PBC: Pairing Based Cryptography (for pairing operations over elliptic curves)
#      More info: http://crypto.stanford.edu/pbc/
#
# libbswabe: Core operations for cpabe and peks
#            More info: http://acsc.cs.utexas.edu/cpabe/
#
# cpabe: Ciphertext-Policy Attribute Based Encryption library
#        Implements the 4 algorithms for CPABE: setup, keygen, enc and dec
#        Implements the 4 algorithms for PEKS: setup, enc, trap and test
#        More info: http://acsc.cs.utexas.edu/cpabe/


# Replace <PATH-TO-REP> with the path to the POC repository


Install pbc
-----------

* `cd <PATH-TO-REP>/pbc-0.5.14`

* `./configure`

* `make`

* `sudo make install`

Install libbswabe
-----------------

* `cd <PATH-TO-REP>/libbswabe-0.9/`

* `./configure`

* `make`

* `sudo make install`


Install cpabe
-------------

* `cd <PATH-TO-REP>/cpabe-0.11/`

* `./configure`

* `make`

* `sudo make install`


Manual
======

# Below we describe each functionality of the cpabe and peks:
# To use the Python wrapper, call ./[PROG-NAME].py [OPTIONS...] ...
# The Python scripts are in the folder <PATH-TO-REP>/python
# Ex: ./cpabe-setup.py -h
# Some examples are given at the end of this document.

cpabe-setup:

	Usage: cpabe-setup [OPTION ...]

	Generate system parameters, a public key, and a master secret key
	for use with cpabe-keygen, cpabe-enc, and cpabe-dec.

	Output will be written to the files "pub_key" and "master_key"
	unless the --output-public-key or --output-master-key options are
	used.

	Mandatory arguments to long options are mandatory for short options too.

	 -h, --help                    print this message

	 -v, --version                 print version information

	 -p, --output-public-key FILE  write public key to FILE

	 -m, --output-master-key FILE  write master secret key to FILE

	 -d, --deterministic           use deterministic "random" numbers
	                               (only for debugging)


cpabe-keygen:

	Usage: cpabe-keygen [OPTION ...] PUB_KEY MASTER_KEY ATTR [ATTR ...]

	Generate a key with the listed attributes using public key PUB_KEY and
	master secret key MASTER_KEY. Output will be written to the file
	"priv_key" unless the -o option is specified.

	Attributes come in two forms: non-numerical and numerical. Non-numerical
	attributes are simply any string of letters, digits, and underscores
	beginning with a letter.

	Numerical attributes are specified as `attr = N', where N is a non-negative
	integer less than 2^64 and `attr' is another string. The whitespace around
	the `=' is optional. One may specify an explicit length of k bits for the
	integer by giving `attr = N#k'. Note that any comparisons in a policy given
	to cpabe-enc(1) must then specify the same number of bits, e.g.,
	`attr > 5#12'.

	The keywords `and', `or', and `of', are reserved for the policy language
	of cpabe-enc (1) and may not be used for either type of attribute.

	Mandatory arguments to long options are mandatory for short options too.

	 -h, --help               print this message

	 -v, --version            print version information

	 -o, --output FILE        write resulting key to FILE

	 -d, --deterministic      use deterministic "random" numbers
	                          (only for debugging)


cpabe-enc:

	Usage: cpabe-enc [OPTION ...] PUB_KEY FILE [POLICY]

	Encrypt FILE under the decryption policy POLICY using public key
	PUB_KEY. The encrypted file will be written to FILE.cpabe unless
	the -o option is used. The original file will be removed. If POLICY
	is not specified, the policy will be read from stdin.

	Mandatory arguments to long options are mandatory for short options too.

	 -h, --help               print this message

	 -v, --version            print version information

	 -k, --keep-input-file    don't delete original file

	 -o, --output FILE        write encrypted file to FILE

	 -d, --deterministic      use deterministic "random" numbers
	                          (only for debugging)



cpabe-dec:

	Usage: cpabe-dec [OPTION ...] PUB_KEY PRIV_KEY FILE

	Decrypt FILE using private key PRIV_KEY and assuming public key
	PUB_KEY. If the name of FILE is X.cpabe, the decrypted file will
	be written as X and FILE will be removed. Otherwise the file will be
	decrypted in place. Use of the -o option overrides this
	behavior.

	Mandatory arguments to long options are mandatory for short options too.

	 -h, --help               print this message

	 -v, --version            print version information

	 -k, --keep-input-file    don't delete original file

	 -o, --output FILE        write output to FILE

	 -d, --deterministic      use deterministic "random" numbers
	                         (only for debugging)



cpabe-policyList:

	Usage: cpabe-policyList [OPTION ...] PUB_KEY CIPHERTEXT

	Print the access policy of a ciphertext CIPHERTEXT
	Mandatory arguments to long options are mandatory for short options too.

	 -h, --help                    print this message

	 -v, --version                 print version information

	 -d, --deterministic           use deterministic "random" numbers
	                               (only for debugging)


cpabe-attrList:

	Usage: cpabe-attrList [OPTION ...] PUB_KEY PRV_KEY

	Print the attributes of a private key PRV_KEY
	Mandatory arguments to long options are mandatory for short options too.

	 -h, --help                    print this message

	 -v, --version                 print version information

	 -d, --deterministic           use deterministic "random" numbers
	                               (only for debugging)


peks-ind:

	Usage: peks-index [OPTION ...] PUB_KEY IND

	Generate an encrypted index given a clear index IND.
	The clear index should be of the form:
	keyword_1
	keyword_2
	...
	It uses the public key PUB_KEY and a clear index IND.
	The encrypted index will be written to the file "enc_ind"
	unless the --output option is used.

	Mandatory arguments to long options are mandatory for short options too.

	 -h, --help                    print this message

	 -v, --version                 print version information

	 -o, --output FILE  		write index to FILE

	 -d, --deterministic      	use deterministic "random" numbers (only for debugging)



peks-trap:

	Usage: peks-trap [OPTION ...] PUB_KEY MSK_KEY KEYWORD

	Generate an encrypted trapdoor given a clear keyword KEYWORD.
	It uses the public key PUB_KEY and the master key MSK_KEY.
	The encrypted trapdoor will be written to the file "enc_trap"
	unless the --output option is used.

	Mandatory arguments to long options are mandatory for short options too.

	 -h, --help                    print this message

	 -v, --version                 print version information

	 -o, --output FILE  		write trapdoor to FILE

	 -d, --deterministic      	use deterministic "random" numbers (only for debugging)



peks-test:

	Usage: peks-test [OPTION ...] PUB_KEY IND TRAP

	Test a trapdoor over an encrypted index IND.
	It uses the public key PUB_KEY,
	an encrypted index IND and an encrypted trapdoor TRAP.
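	Returns 1 if there is a match, 0 if not. The example at the end of this
	document reads this value with `echo $?`; if it is the exit status, it is
	the reverse of the usual shell convention, where 0 means success.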

	Mandatory arguments to long options are mandatory for short options too.

	 -h, --help                    print this message

	 -v, --version                 print version information

	 -d, --deterministic      	use deterministic "random" numbers (only for debugging)



# Examples (See also http://acsc.cs.utexas.edu/cpabe/tutorial.html)
# To use the Python wrapper, call ./[PROG-NAME].py [OPTIONS...] ...
# The Python scripts are in the folder <PATH-TO-REP>/python
# Ex: ./cpabe-setup.py

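# Generate master key and public key
# (master_key is what cpabe-keygen and peks-trap use to issue private keys and
# trapdoors, so keep it readable only by the key authority; pub_key can be shared)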
	$ cpabe-setup

	$ ls
	master_key  pub_key

# Generate private key for Sara and Kevin with attributes
# sysadmin, it_department for Sara
# business_staff, strategy_team for Kevin

	$ cpabe-keygen -o sara_priv_key pub_key master_key sysadmin it_department

	$ cpabe-keygen -o kevin_priv_key pub_key master_key business_staff strategy_team

	$ ls
	master_key  pub_key  sara_priv_key  kevin_priv_key

# Encrypt a file security_report.pdf with a policy (business_staff and strategy_team) or (sysadmin and business_staff)

	$ ls
	pub_key  security_report.pdf

	$ cpabe-enc pub_key security_report.pdf "(sysadmin and business_staff) or (business_staff and strategy_team)"

	$ ls
	pub_key  security_report.pdf.cpabe

# Print the policy of the ciphertext
        $ ls
        pub_key  security_report.pdf.cpabe

        $ cpabe-policyList pub_key security_report.pdf.cpabe
	business_staff sysadmin 2of2 business_staff strategy_team 2of2 1of2

# Print the attributes of Kevin's private key
	$ ls
        pub_key  kevin_priv_key

	$ cpabe-attrList pub_key kevin_priv_key

# Decryption with Kevin's private key

	$ ls
	pub_key kevin_priv_key security_report.pdf.cpabe

	$ cpabe-dec pub_key kevin_priv_key security_report.pdf.cpabe

	$ ls
	pub_key  kevin_priv_key  security_report.pdf

# Create an encrypted index

	$ ls
	pub_key testindex

	$ peks-ind pub_key testindex

	$ ls
	enc_ind pub_key testindex

# Create a trapdoor for the word my_keyword

	$ ls
	pub_key master_key

	$ peks-trap pub_key master_key my_keyword

	$ ls
	enc_trap pub_key master_key

# Test if an encrypted index matches with a trapdoor

	$ ls
	pub_key enc_ind enc_trap

	$ peks-test pub_key enc_ind enc_trap

	$ echo $?
	0