READynamic Encryption

Introduction

READynamic provides a native eBook encryption feature that uses the Advanced Encryption Standard (AES) method to secure EPUB files that are uploaded to READynamic and read in the READynamic mobile app. AES was introduced by the United States National Institute of Standards and Technology in 2001 and is one of the best encryption algorithms available.

PDF documents are not encrypted. If a PDF document is processed as a PDF eBook in READynamic, it is rendered as a set of individual bitmap image files, one per page. These image files are stored in an non-encrypted archive. Alternatively, READynamic can convert a PDF eBook file into an EPUB file when the file is uploaded. The resulting EPUB file can be encrypted.

Using READynamic Encryption

To enable READynamic Encryption, change the setting for offline book encryption in the server_configuration_overrides.yml configuration file. The YML file is a simple text file that you can open and edit in the Windows Notepad or the Mac Text Editor.

Under the “offline downloads” heading the “offline_book_encryption” setting appears.

  • To turn on READynamic Encryption, make the setting equal to “atb.”
  • To turn off encryption, make the setting equal to “none.”
  • To enable the User Rights Management Solution (URMS), make the setting equal to “urms.”

If READynamic Encryption is turned on, the setting in the configuration file would look like this:

offline_book_encryption: 'atb' # 'none' or 'atb' or 'urms'

How READYnamic Encryption works

To encrypt EPUB files for use on iOS and Android mobile devices, READynamic Encryption uses a 256-bit key generated with the AES algorithm. The key is in Cipher Block Chaining (CBC) mode, where a cipher key is applied to a block of data in a fixed size, rather than encrypting data bit by bit. Every file in the book.zip archive has a 16-byte header at the beginning of that file, and this header is used as the Initialization Vector to decrypt that file. An end user private key is required. Each READynamic user is automatically assigned a private key.

The private key identifies the user and gives that person access to READynamic. This is also known as the Authentication Token.  The file key locks the individual ePUB file.

When the original raw, non-encrypted ePUB file is uploaded, it is stored as two files, a non-encrypted file and an offline download archive. This archive is in the form of a zip file that contains a 256 BIT AES encrypted version of the ePUB file.

If the user reads the eBook with a browser, the browser opens the non-encrypted ePUB file.

If the user opens the eBook using a mobile device app, the system opens the encrypted version of the ePUB file.

Decrypting an eBook file for a mobile client app

When an user opens an EPUB using the READynamic mobile app, the file must be decrypted first. The decryption process is not visible to the end user.

  1. Retrieve the private key assigned to the user (authentication token).
  2. Retrieve the encrypted file key for the EPUB file.
  3. The private key decrypts the file key resulting in the AES 256-bit key.
  4. The first 16 bytes of the file are read. This is the Initialization Vector.
  5. Using the decrypted AES 256-bit key and the Vector, the file is decrypted.
  6. The EPUB file is rendered so that the user can read it.

Sample Code

This is an example of the code within READynamic that manages file decryption.

```
#!ruby
file = 
private_key = 
encrypted_key = 

# read our private key
rsa = OpenSSL::PKey::RSA.new(Base64.decode64(private_key))

# initialize our cipher
cipher = OpenSSL::Cipher.new("AES-256-CBC")

# set the cipher to decrypt mode
cipher.decrypt

# decrypt the encrypted aes key
cipher.key = rsa.public_decrypt(encrypted_key, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)

# read the 16 byte IV and use it.
cipher.iv = file.read(16)

# read 4096 bytes and decrypt them block by block.
while file.read(4096, buf)
  outf << cipher.update(buf)
end

outf << cipher.final
```