Vote Decrypt is a service that decrypts a list of encrypted votes and returns them in random order.
The service is only reachable via gRPC.
## Install

To install the service from source, download the repository and call

```
go build
./vote-decrypt
```
The container needs a key file. By default it looks for it at `/run/secrets/vote_main_key` inside the container. Another path (inside the container) can be chosen via the first argument. The file has to be mounted into the docker container:

```
docker run -v "$(pwd)"/main_key:/run/secrets/vote_main_key vote-decrypt
```
## Main key

The service needs a main key. This has to be 32 random bytes. It is used to sign the poll keys and to sign the voting result.

The main key file can be created with

```
head /dev/urandom -c 32 > main.key
```

or with the vote-decrypt tool:

```
vote-decrypt main-key KEYFILE
```
The users need the public key of the main key to make sure the data from the vote-decrypt service was not tampered with. The public key can be created with:

```
vote-decrypt pub-key KEYFILE
```

The keys are raw bytes. To print the public key as base64 instead, use

```
vote-decrypt pub-key KEYFILE --base64
```

To see the options for all commands of vote-decrypt, call:

```
vote-decrypt --help
```
## Storage

`vote-decrypt` saves some data for each started poll. Currently the only supported storage backend is the filesystem. By default it uses the folder `vote_data`.
When a poll is started, a `.key` file is created. It contains the private poll key for the started poll. KEEP THIS PRIVATE. This file is needed to decrypt the poll after it is done. If this file gets lost, it is not possible to decrypt the poll.

When a poll is stopped, a `.hash` file is created. It contains the signature for the poll result. The file makes sure that `Stop` cannot be called with different data.
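The following Go code is an added illustration of the two files and of the "same payload only" rule for `Stop`; it is not the project's storage code. It assumes the file names `<pollID>.key` and `<pollID>.hash`, owner-only permissions, and that the `.hash` file pins a SHA-256 digest of the submitted votes (the input), which is the variant the TODO list at the end of this README aims for rather than what the current service stores:

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// fileStore keeps <pollID>.key and <pollID>.hash in dir (vote_data by default).
// File naming and hash layout are assumptions; the page only says which two files exist.
type fileStore struct{ dir string }

func (s fileStore) path(pollID, ext string) string { return filepath.Join(s.dir, pollID+ext) }

// SavePollKey stores the private poll key at Start, owner-readable only: KEEP THIS PRIVATE.
func (s fileStore) SavePollKey(pollID string, key []byte) error {
	if err := os.MkdirAll(s.dir, 0o700); err != nil {
		return err
	}
	return os.WriteFile(s.path(pollID, ".key"), key, 0o600)
}

// PollKey loads the key again for Stop; without this file the poll cannot be decrypted.
func (s fileStore) PollKey(pollID string) ([]byte, error) {
	return os.ReadFile(s.path(pollID, ".key"))
}

// payloadHash digests the submitted votes in order, length-prefixed so that
// differently split lists cannot produce the same digest.
func payloadHash(votes [][]byte) []byte {
	h := sha256.New()
	for _, v := range votes {
		fmt.Fprintf(h, "%d:", len(v))
		h.Write(v)
	}
	return h.Sum(nil)
}

// CheckStop enforces the Stop rule: the first call pins the payload in the .hash file,
// every later call must bring the same payload or is rejected.
func (s fileStore) CheckStop(pollID string, votes [][]byte) error {
	want := payloadHash(votes)
	got, err := os.ReadFile(s.path(pollID, ".hash"))
	switch {
	case errors.Is(err, os.ErrNotExist):
		return os.WriteFile(s.path(pollID, ".hash"), want, 0o600)
	case err != nil:
		return err
	case !bytes.Equal(got, want):
		return errors.New("stop was already called with different votes")
	}
	return nil
}

// Clean removes all poll related data, like the Clean method; missing files are not an error.
func (s fileStore) Clean(pollID string) error {
	for _, ext := range []string{".key", ".hash"} {
		if err := os.Remove(s.path(pollID, ext)); err != nil && !errors.Is(err, os.ErrNotExist) {
			return err
		}
	}
	return nil
}

func main() {
	dir, err := os.MkdirTemp("", "vote_data")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	st := fileStore{dir: dir}
	votes := [][]byte{[]byte("encrypted-vote-1"), []byte("encrypted-vote-2")} // constructed payload
	fmt.Println(st.CheckStop("poll-1", votes))     // <nil>: first call pins the payload
	fmt.Println(st.CheckStop("poll-1", votes))     // <nil>: same payload again is allowed
	fmt.Println(st.CheckStop("poll-1", votes[:1])) // error: different payload
}
```

The read-then-write in `CheckStop` is not atomic; a service handling concurrent `Stop` calls for the same poll needs a per-poll lock around it, otherwise two different payloads racing each other could both pass.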
## gRPC

The service can be reached via gRPC. The proto file can be found at `grpc/decrypt.proto`. It contains the methods `PublicMainKey`, `Start`, `Stop`, and `Clean`.
`PublicMainKey` returns the public main key that is used to sign the poll keys and the poll results.

`Start` has to be called at the beginning of a poll. It tells the vote-decrypt server to start accepting votes. The method returns the public poll key and its signature. The signature can be validated with the public main key.

`Stop` has to be called to finish the poll. It expects a list of votes. The method can be called multiple times, but only with the same payload. It is not possible to call it with different votes. The method returns the decrypted votes as one blob of data and its signature. The signature can be validated with the public main key.

`Clean` should be called after `Stop` to remove all poll related data.
## Poll flow

A poll with vote-decrypt has three parties: the clients, the poll manager and vote-decrypt.

- The clients have to receive the public main key via a secure channel.
- The poll manager starts a poll by calling `Start`.
- The poll manager distributes the public poll key with its signature to the clients.
- The clients validate the public poll key with its signature and the main key.
- The clients create their votes and encrypt them with the public poll key.
- The clients send the encrypted votes to the poll manager.
- After the poll manager has received all votes, it sends them to vote-decrypt by calling the `Stop` method.
- The poll manager receives the decrypted vote list with its signature and distributes it to the clients as a blob.
- The clients validate the vote blob with its signature and the main key.
- The clients evaluate the poll.

To evaluate the vote blob, the clients make sure that their own vote is in the blob and was therefore respected. The signed blob contains a poll-id that the clients use to make sure that the blob belongs to the correct poll.
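The flow above, played through by all three parties in one Go program, as an added example that is not the project's code. The page names no algorithms, so the following are assumptions: the 32 main-key bytes are used as an ed25519 seed and the main key signs with ed25519; the poll key is an RSA key and votes are encrypted with RSA-OAEP (fine for short ballots; a hybrid scheme would be needed for long ones); the poll key signature covers `pollID||pubKey` so a signed key cannot be reused for another poll; and the result blob is JSON with the fields `poll_id` and `votes`. The functions `start`, `stop`, `encryptVote`, `verifyPollKey` and `verifyResult` are hypothetical stand-ins for the gRPC methods and the client-side checks:

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/json"
	"errors"
	"fmt"
	"slices"
)

// result is the blob Stop signs; the field names are assumed (the page only says it carries a poll-id).
type result struct {
	PollID string   `json:"poll_id"`
	Votes  [][]byte `json:"votes"`
}

// start mirrors Start: create the poll key pair and sign pollID||pubKey with the main key.
func start(mainKey ed25519.PrivateKey, pollID string) (priv *rsa.PrivateKey, pubKey, sig []byte, err error) {
	if priv, err = rsa.GenerateKey(rand.Reader, 2048); err != nil {
		return nil, nil, nil, err
	}
	pubKey, _ = x509.MarshalPKIXPublicKey(&priv.PublicKey) // cannot fail for an *rsa.PublicKey
	return priv, pubKey, ed25519.Sign(mainKey, append([]byte(pollID), pubKey...)), nil
}

// stop mirrors Stop: decrypt every vote with the private poll key and sign the result blob.
func stop(mainKey ed25519.PrivateKey, priv *rsa.PrivateKey, pollID string, votes [][]byte) (blob, sig []byte, err error) {
	r := result{PollID: pollID}
	for _, v := range votes {
		p, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, v, nil)
		if err != nil {
			return nil, nil, fmt.Errorf("undecryptable vote: %w", err)
		}
		r.Votes = append(r.Votes, p)
	}
	if blob, err = json.Marshal(r); err != nil {
		return nil, nil, err
	}
	return blob, ed25519.Sign(mainKey, blob), nil
}

// encryptVote is the client side: RSA-OAEP to the poll key (assumed scheme; fine for short ballots).
func encryptVote(pollPub, vote []byte) ([]byte, error) {
	key, err := x509.ParsePKIXPublicKey(pollPub)
	if err != nil {
		return nil, err
	}
	pub, ok := key.(*rsa.PublicKey)
	if !ok {
		return nil, errors.New("poll key is not an RSA key")
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, vote, nil)
}

// verifyPollKey is the client's check of the key the poll manager distributed.
func verifyPollKey(mainPub ed25519.PublicKey, pollID string, pollPub, sig []byte) bool {
	return ed25519.Verify(mainPub, append([]byte(pollID), pollPub...), sig)
}

// verifyResult checks signature and poll-id, then reports whether ownVote is in the blob.
func verifyResult(mainPub ed25519.PublicKey, pollID string, blob, sig, ownVote []byte) (bool, error) {
	if !ed25519.Verify(mainPub, blob, sig) {
		return false, errors.New("result signature does not verify with the main key")
	}
	var r result
	if err := json.Unmarshal(blob, &r); err != nil {
		return false, err
	}
	if r.PollID != pollID {
		return false, fmt.Errorf("result belongs to poll %q, not %q", r.PollID, pollID)
	}
	return slices.ContainsFunc(r.Votes, func(v []byte) bool { return bytes.Equal(v, ownVote) }), nil
}

func main() {
	seed := make([]byte, ed25519.SeedSize) // stands in for the 32-byte main key file
	if _, err := rand.Read(seed); err != nil {
		panic(err)
	}
	mainKey := ed25519.NewKeyFromSeed(seed)
	mainPub := mainKey.Public().(ed25519.PublicKey) // clients must get this over a secure channel
	priv, pollPub, keySig, err := start(mainKey, "poll-42")
	if err != nil || !verifyPollKey(mainPub, "poll-42", pollPub, keySig) {
		panic("poll key rejected")
	}
	ballot := []byte(`{"option":"yes"}`) // constructed sample vote
	enc, err := encryptVote(pollPub, ballot)
	if err != nil {
		panic(err)
	}
	blob, blobSig, err := stop(mainKey, priv, "poll-42", [][]byte{enc})
	if err != nil {
		panic(err)
	}
	fmt.Println(verifyResult(mainPub, "poll-42", blob, blobSig, ballot)) // true <nil>
}
```

The order of checks in `verifyResult` matters: the signature is verified before the blob is parsed, so a client never acts on unauthenticated JSON, and the poll-id check comes before the search for the own vote, so a validly signed blob from another poll is rejected even if it happens to contain an identical ballot.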
## Environment variables

The service uses the following environment variables:

- `VOTE_DECRYPT_PORT`: Port for the gRPC service to listen on. Default is `9014`.
- `VOTE_DECRYPT_STORE`: Folder to store the poll keys. Default is `vote_data`.
## TODO

- Fix the Stop method to hash the input instead of the output.
- Fix more timing attacks.
- Write a postgres storage backend.
- Write error messages as output.
- Use the main key to encrypt the stored data (poll keys and poll hashes).