Hi everyone AsymmetricCryptography is an extension which you can use to add end-to-end encryption in your app.It uses asymmetric encryption which ensures that your data is safe.
Latest Version: 3.1 Last Updated:2021-06-29T18:30:00Z
A quick and short documentation for AsymmetricCryptography :
Generates keys of provided length and raises event ‘KeysGenerated’ with success and response values.
Note: (i) Big key size will consume more ram.It behaves normal upto 4096.
(ii) Key length should be at least 8 times of string length.
For Example :
A key of length 1024 can encrypt a string of length 128.
Returns private key in string format
Returns public key in string format
Tries to encrypt given string with provided public key and returns encrypted text
Tries to decrypt given string with provided private key and returns decrypted text
Asynchronous version of Decrypt method
Asynchronous version of Encrypt method
Aix can be downloaded from Github Repo:
I would like to say thank you to @sonumohammad333 for testing extension and giving helpful advices.
Also a lot of thanks to @Kodular for this great platform
Some internal changes so that you don’t have to call ‘GenerateKeys’ method to initialize extension.
Minor bug fixes
Some internal changes
ChangeLog Version 3.1
GenerateKeys method now works asynchronously
7.Liked my work/Support me
Thank you for your love
But as we all know our beautiful earth is facing a big pandemic named Corona or Covid-19 so if you want to support me or you have liked my work then please donate as much as possible money to relief funds and help people living in your local
When you want to use end-to-end encryption , you have two options -
1.Symmetric Encryption (Learn more)
2.Asymmetric Encryption (Learn more)
Lets talk about Symmetric Encryption first.It uses same key for both encryption and decryption which makes it easy to use but at the same time it becomes less secure.
Let’s go some deeper(these are not my words): In symmetric encryption the same key is used to encrypt and decrypt on both sides. This poses a problem as both legitimate parties need to have the key, which may involve sending it over from one side to the other, thereby exposing it to being compromised. It is therefore not effective in all cases.
Now come to Asymmetric Encryption.It uses a pair of Private and Public Keys to encrypt and decrypt data which makes its usage complex but more secured. Two types of keys are used for each party, one public key and one private key, that is each party has a public key and a private key. The public keys are available to both parties, and to anyone else, as the two parties mutually share their public keys prior to communication. Tom uses Harry 's public key to encrypt the message, which can now only be decrypted using this (Harry's) public key and Harry's private key. This private key is only available to Harry and to no one else, not even to Tom the sender. This key is the one element that makes it impossible for any other party to decrypt the message because there is no need to send the private key over.
So what is end-to-end encryption? End-to-end encryption works as explained above, and is an implementation of asymmetric encryption. As the name implies, end-to-end encryption protects data such that it can only be read on the two ends, by the sender, and by the recipient. No one else can read the encrypted data, including hackers, governments, and even the server through which the data is passing.
Read more about it here
After reading those things a question came to my mind: Does whatsapp really use end-to-end encryption?
So I Googled it and found that it uses both encryption algorithms:
At last I can’t say that it will give you encryption like WhatsApp but it is very close to encryption algorithm used in WhatsApp
Hi @Harsh_Rajput Welcome to Kodular Community
Yes you can use it with any database.
It is not any database specific so it can be independently used with all databases.
But it will be very complex thing because you will have to save your own public and private key in database so that you can use those keys to encrypt and decrypt data.
Thanks vknow360 Ya i understood but when we stored keys in our database, there are some possibilities to hacker to get keys from database and then hack the whole data.
I’m still doubted. May be it’s not 100% secure.
Big thank you for creating this great extension! Asymmetric encryption was the one thing I couldn’t find in kodular. However, I have a couple of suggestions that would help a lot with usability.
First suggestion is to include an option to be able to encrypt using multiple public keys in a list. This would allow text (data) to be later decrypted by any one of two or more private keys. If you think of a chat app, at a minimum, you would likely want two public keys. A chat message should be encrypted with both the receiver and sender public keys. This way, you would only need to store one copy in a database that could be read by sender or receiver. Also, you could potentially have multiple recipients. Work around would be to store multiple copies of a message, one for each person, but that is not practical when storing or transmitting data.
Second option I would like to see is option to encrypt data besides text such as pictures, video or audio. Again, using a chat app as an example, it is common to attach an image.
Hi @jl9322 Welcome to Kodular Community
Glad you liked it
It seems fine from one side but when you go deeper you will find that you are compromising with your privacy.The logic behind asymmetric encryption is that it encrypts data in such a way that the one who has private key can decrypt the data. But what if there will be two public and private keys? Well in that case if someone somehow got one of both keys then your data can be decrypted easily.
I will try to add this
Thank you for your suggestions
I found this useful so I want to share it with you:
Thanks for the reply @vknow360 and for taking my suggestions into consideration.
I see your point on security is weakened by using multiple keys to encrypt. However, the additional risk should be up the to app designer and users. It would be like sharing a secret, the more people you tell, the more likely your secret will get out, but a choice that is made.
I would think using multiple public keys is a fairly common use case, especially if the two keys belong to the sender and recipient of a message or file. Without this option, only the recipient (private key holder) would be able decrypt the data. The person that encrypted the data would have no way to then decrypt it.
Using a chat app as an example, where message are stored on a server, the message would have to be encrypted and stored twice for both the sender and recipient to be able to later fetch and read the message. I would think that it would be more practical in most cased just to encrypt the message once with two public keys.
Still using a chat app as an example, if you had a conversation between three people, it would get much more complicated to encrypt messages. Sender would have to encrypt message three times, two recipients plus their copy of sent message. Then there would be no way to guarantee or prove that all recipients received the same message or data.
Another example may be where a user wants to secure some data, but have the option for someone else to possibly be able to retrieve a document. Say an employ secures a document, but needs one or more people to be able to decrypt it for use or as a back up without having to share the private key. With only one key, there is no back up if something happens to the one and only private key.
Your chat app example reminds me a wonderful and useful post by Evan W. Patton on MIT AI2 community:
If I am not wrong KeyChain is an Android implementation of PGP which also uses Asymmetric Encryption.It implements a solution such that symmetric encryption is used to encrypt data, and asymmetric encryption is used to encrypt the key.
Now if you want to use PGP in Kodular then use Cryptography component and this extension together.