Using the cpabe Toolkit

First download, untar, compile, and install the most recent tarball of libbswabe, the support library. Next do the cpabe tarball. Each can be can be installed with the standard GNU build system commands.

$ ./configure
$ make
$ make install

The "$" denotes your shell’s prompt. Note that the package requires the PBC library, so make sure you have that installed first.

Next, to set up the public key and master keys, run cpabe-setup.

$ cpabe-setup
$ ls
master_key  pub_key

Now you can use the file master_key to produce private keys associated with various sets of attributes. Let’s say you work for a company that just hired two new employees, Sara and Kevin, and you are going to make private keys for their workstations.

To do so, you use cpabe-keygen.

$ cpabe-keygen -o sara_priv_key pub_key master_key \
    sysadmin it_department 'office = 1431' 'hire_date = '`date +%s`
$ cpabe-keygen -o kevin_priv_key pub_key master_key \
    business_staff strategy_team 'executive_level = 7' \
    'office = 2362' 'hire_date = '`date +%s`
$ ls
master_key  pub_key  sara_priv_key  kevin_priv_key

As you can see in those examples, some attributes are assigned a value, while others a key simply "has" without further qualification. The date command can be used to help use the current time as an attribute value.

Now suppose later someone wants to encrypt a sensitive document. All they need is the public key, then can use cpabe-enc to encrypt it under a specified policy.

$ ls
pub_key  security_report.pdf
$ cpabe-enc pub_key security_report.pdf
    (sysadmin and (hire_date < 946702800 or security_team)) or
    (business_staff and 2 of (executive_level >= 5, audit_group, strategy_team))
$ ls
pub_key  security_report.pdf.cpabe

In this case, they typed the policy on stdin. Note that the attributes of Kevin’s key satisfy this policy, but the attributes of Sara’s key do not.

If Kevin wants to decrypt the document, he can use cpabe-dec.

$ ls
pub_key kevin_priv_key security_report.pdf.cpabe
$ cpabe-dec pub_key kevin_priv_key security_report.pdf.cpabe
$ ls
pub_key  kevin_priv_key  security_report.pdf

If Sara were to try to decrypt it, an error would be reported.

That’s all there is to using cpabe!