參考:
http://acsc.cs.utexas.edu/cpabe/tutorial.html
http://acsc.cs.utexas.edu/cpabe/
事先先配置好cp-abe:http://www.cnblogs.com/rockorange/p/3757805.html
Using the cpabe Toolkit
First download, untar, compile, and install the most recent tarball of libbswabe, the support library. Next do the cpabe tarball. Each can be installed with the standard GNU build system commands.
1.安裝cpabe toolkit
$ ./configure
$ make
$ make install
The "$" denotes your shell’s prompt. Note that the package requires thePBC library, so make sure you have that installed first.
Next, to set up the public key and master keys, run cpabe-setup.
2.通過cpabe-setup命令產生 public key and master key
$ cpabe-setup
$ ls
master_key pub_key
Now you can use the file master_key to produce private keys associated with various sets of attributes. Let’s say you work for a company that just hired two new employees,Sara and Kevin(後面就以這個爲例子),
and you are going to make private keys for their workstations.
3.使用master_key 和 pub_key 以及cpabe-keygen命令爲具有屬性值的用戶產生私鑰
To do so, you use cpabe-keygen to generate a key with the listed attributes using public key PUB_KEY and master secret key MASTER_KEY.
Output will be written to the file "sara_priv_key" unless the−o option is specified.
$ cpabe-keygen -o sara_priv_key pub_key master_key \
sysadmin it_department 'office = 1431' 'hire_date = '`date +%s`
$ cpabe-keygen -o kevin_priv_key pub_key master_key \
business_staff strategy_team 'executive_level = 7' \
'office = 2362' 'hire_date = '`date +%s`
$ ls
master_key pub_key sara_priv_key kevin_priv_key
注意:
(1)cp-keygen使用參照:http://acsc.cs.utexas.edu/cpabe/cpabe-keygen.html
(2)第一行代碼的末尾有一個“\”是因爲第一行放不下了,想換行繼續輸命令。
(3)上例產生 了兩個私鑰sara_priv_key kevin_priv_key,分別是sara和kevin的。
4.使用cpabe-enc命令和pub_key和訪問策略加密明文生成密文 (這裏事先新建了一個文件security_report.pdf ,這個文件是要被加密的)
As you can see in those examples, some attributes are assigned a value, while others a key simply "has" without further qualification. Thedate command can be used to help use the current time as an attribute value.
Now suppose later someone wants to encrypt a sensitive document. All they need is the public key, then can usecpabe-enc to encrypt it under a specified policy.
$ ls pub_key security_report.pdf $ cpabe-enc pub_key security_report.pdf (sysadmin and (hire_date < 946702800 or security_team)) or //注意這裏一定要換行 (business_staff and 2 of (executive_level >= 5, audit_group, strategy_team)) ^D //ctrl+D 表結束輸入 $ ls pub_key security_report.pdf.cpabe
(sysadmin and。。。)這個是訪問策略
In this case, they typed the policy on stdin. Note that the attributes of Kevin’s key satisfy this policy, but the attributes of Sara’s key do not.
(在這個例子裏,設計的策略是kevin滿足,但是sara的不滿足)
5.使用cpabe-dec命令,用私鑰對密文進行解密。
If Kevin wants to decrypt the document, he can use cpabe-dec.
$ ls
pub_key kevin_priv_key security_report.pdf.cpabe
$ cpabe-dec pub_key kevin_priv_key security_report.pdf.cpabe
$ ls
pub_key kevin_priv_key security_report.pdf
If Sara were to try to decrypt it, an error would be reported.
(如果sara試圖解密就會出錯,因爲sara的屬性不符合密文的訪問策略,kevin不會)
That’s all there is to using cpabe!
下面是CP-ABE的加解密機制
