Daniel Kreuer

• Software Developer & Architect
• Agile Principles
• DevOps from start to finish
• 20+ years experience in PHP

• Co-Organizer of PHP Usergroup Frankfurt
• working for JUIT GmbH since May 2019

• @dkreuer
• daniel.kreuer@juit.de
• https://danielkreuer.com

David Weichert

• Software Developer
• Agile ❦ Legacy ❦ History
• Programming professionally since 1996
• PHP since 2006

• working for JUIT GmbH since May 2019

• @sternentagebuch
• david.weichert@juit.de
• https://davidweichert.com

JUIT GmbH

• Small Team of Software Developers, all remote
• PHP, JavaScript, TypeScript
• Symfony, Vue, React APIs, Typo3, SuluCMS
• Infrastructure CI/CD, Trainings, EventStorming, Consulting

• https://www.juit.de/

Miss Racoon

• Cooperation with cookies + friends, agency based in Bad Homburg
• Strong focus on data privacy, resiliency, and simplicity
• Used in gastronomy/catering, cabaret and pop-up events

• https://www.miss-racoon.com/

• A person who wants to communicate securely creates a pair of keys
• The private key is kept secret, the public key is published, e.g. to the internet
• A message is encrypted by the sender using the public key of the recipient
• The recipient uses the private key (that is kept safe from everybody else) to decrypt the message
• The public key crucially cannot be used to decrypt the message

• One-Way-Functions aka Humpty-Dumpty-Functions, are named thus, because like the breaking of an egg (or Humpty Dumpty falling off the wall) they cannot easily be reversed, i.e. the inverse function is not trivial
• Alice and Bob agree on a general one-way function:
      7^x (mod 11)
  Eve knows this
• Alice chooses a secret number, known only to her, say 3
  Alice calculates: 7³ (mod 11) = 343 (mod 11) = 2
• Bob chooses a secret number, known only to him, say 6
  Bob calculates: 7⁶ (mod 11) = 117.649 (mod 11) = 4
• They exchange the result of their calculations
  Eve knows:
  7^x (mod 11) = 2; for Alice's x
  7^x (mod 11) = 4; for Bob's x

• Alice calculates 4³ (mod 11) = 64 (mod 11) = 9
  Bob calculates 2⁶ (mod 11) = 64 (mod 11) = 9
• This was discovered by Martin Hellman in 1976.

Process

1. Generate a long symmetric password and a random seed
2. Encrypt data with symmetric password and seed
3. Encrypt symmetric password and seed with public key
4. Store encrypted data and encrypted password/seed

Benefits

• Every blob of data is encrypted with a one-time password
• Big data can be encrypted with a symmetric key faster than asymmetrically
• Data can only be decrypted by possessing private key
• Symmetric password may be re-encrypted with a different public key, effectively granting access for a different entity.

Process

1. Client sends fingerprint and signed random string with every request
2. 1st Level of security: Server searches for public key in it's database by fingerprint and returns only data having a connection with the fingerprint
3. 2nd Level of security: Server validates signature and denies invalid signatures

Benefits

• Only data available for fingerprint may be sent back to client
• Even if a valid fingerprint is guessed, data is still encrypted
• No username/password required, No bearer token or oauth ...
• TLS network level encryption is not required, MITM proxies still won't see data

Drawbacks

• Private Key must be present on client machine to decrypt data
• Mitigation: Create key per machine and grant access, use Hardware Token implementation ...