Using the cpabe Toolkit
First download, untar, compile, and install the most recent tarball of libbswabe, the support library. Next do the cpabe tarball. Each can be can be installed with the standard GNU build system commands.
$ ./configure $ make $ make install
The "$" denotes your shell’s prompt. Note that the package requires the PBC library, so make sure you have that installed first.
Next, to set up the public key and master keys, run cpabe-setup.
$ cpabe-setup $ ls master_key pub_key
Now you can use the file
master_key to produce
private keys associated with various sets of attributes.
Let’s say you work for a company that just hired two new
employees, Sara and Kevin, and you are going to make private
keys for their workstations.
To do so, you use cpabe-keygen.
$ cpabe-keygen -o sara_priv_key pub_key master_key \ sysadmin it_department 'office = 1431' 'hire_date = '`date +%s` $ cpabe-keygen -o kevin_priv_key pub_key master_key \ business_staff strategy_team 'executive_level = 7' \ 'office = 2362' 'hire_date = '`date +%s` $ ls master_key pub_key sara_priv_key kevin_priv_key
As you can see in those examples, some attributes are assigned a
value, while others a key simply "has" without further
date command can be used to help
use the current time as an attribute value.
Now suppose later someone wants to encrypt a sensitive document. All they need is the public key, then can use cpabe-enc to encrypt it under a specified policy.
$ ls pub_key security_report.pdf $ cpabe-enc pub_key security_report.pdf (sysadmin and (hire_date < 946702800 or security_team)) or (business_staff and 2 of (executive_level >= 5, audit_group, strategy_team)) ^D $ ls pub_key security_report.pdf.cpabe
In this case, they typed the policy on stdin. Note that the attributes of Kevin’s key satisfy this policy, but the attributes of Sara’s key do not.
If Kevin wants to decrypt the document, he can use cpabe-dec.
$ ls pub_key kevin_priv_key security_report.pdf.cpabe $ cpabe-dec pub_key kevin_priv_key security_report.pdf.cpabe $ ls pub_key kevin_priv_key security_report.pdf
If Sara were to try to decrypt it, an error would be reported.
That’s all there is to using cpabe!