参考:
http://acsc.cs.utexas.edu/cpabe/tutorial.html
http://acsc.cs.utexas.edu/cpabe/
事先先配置好cp-abe:http://www.cnblogs.com/rockorange/p/3757805.html
Using the cpabe Toolkit
First download, untar, compile, and install the most recent tarball of libbswabe, the support library. Next do the cpabe tarball. Each can be installed with the standard GNU build system commands.
1.安装cpabe toolkit
$ ./configure
$ make
$ make install
The "$" denotes your shell’s prompt. Note that the package requires thePBC library, so make sure you have that installed first.
Next, to set up the public key and master keys, run cpabe-setup.
2.通过cpabe-setup命令产生 public key and master key
$ cpabe-setup
$ ls
master_key pub_key
Now you can use the file master_key
to produce private keys associated with various sets of attributes. Let’s say you work for a company that just hired two new employees,Sara and Kevin(后面就以这个为例子), and you are going to make private keys for their workstations.
3.使用master_key
和 pub_key 以及cpabe-keygen命令为具有属性值的用户产生私钥
To do so, you use cpabe-keygen to generate a key with the listed attributes using public key PUB_KEY and master secret key MASTER_KEY.
Output will be written to the file "sara_priv_key" unless the−o option is specified.
$ cpabe-keygen -o sara_priv_key pub_key master_key \
sysadmin it_department 'office = 1431' 'hire_date = '`date +%s`
$ cpabe-keygen -o kevin_priv_key pub_key master_key \
business_staff strategy_team 'executive_level = 7' \
'office = 2362' 'hire_date = '`date +%s`
$ ls
master_key pub_key sara_priv_key kevin_priv_key
注意:
(1)cp-keygen使用参照:http://acsc.cs.utexas.edu/cpabe/cpabe-keygen.html
(2)第一行代码的末尾有一个“\”是因为第一行放不下了,想换行继续输命令。
(3)上例产生 了两个私钥sara_priv_key kevin_priv_key,分别是sara和kevin的。
4.使用cpabe-enc命令和pub_key和访问策略加密明文生成密文 (这里事先新建了一个文件security_report.pdf ,这个文件是要被加密的)
As you can see in those examples, some attributes are assigned a value, while others a key simply "has" without further qualification. Thedate
command can be used to help use the current time as an attribute value.
Now suppose later someone wants to encrypt a sensitive document. All they need is the public key, then can usecpabe-enc to encrypt it under a specified policy.
$ ls pub_key security_report.pdf $ cpabe-enc pub_key security_report.pdf (sysadmin and (hire_date < 946702800 or security_team)) or //注意这里一定要换行 (business_staff and 2 of (executive_level >= 5, audit_group, strategy_team)) ^D //ctrl+D 表结束输入 $ ls pub_key security_report.pdf.cpabe
(sysadmin and。。。)这个是访问策略
In this case, they typed the policy on stdin. Note that the attributes of Kevin’s key satisfy this policy, but the attributes of Sara’s key do not.
(在这个例子里,设计的策略是kevin满足,但是sara的不满足)
5.使用cpabe-dec命令,用私钥对密文进行解密。
If Kevin wants to decrypt the document, he can use cpabe-dec.
$ ls
pub_key kevin_priv_key security_report.pdf.cpabe
$ cpabe-dec pub_key kevin_priv_key security_report.pdf.cpabe
$ ls
pub_key kevin_priv_key security_report.pdf
If Sara were to try to decrypt it, an error would be reported.
(如果sara试图解密就会出错,因为sara的属性不符合密文的访问策略,kevin不会)
That’s all there is to using cpabe!
下面是CP-ABE的加解密机制