Author

Topic: Encryption question (Read 520 times)

hero member
Activity: 994
Merit: 507
June 09, 2013, 09:50:59 PM
#10
Thanks theymos and MysteryMiner. You have given me more to think about!  Smiley
administrator
Activity: 5222
Merit: 13032
June 09, 2013, 09:31:25 PM
#9
Encrypt the data with a random key using symmetric crypto (ie AES). For each person who can get access, encrypt to their public key:
- The random key used with the symmetric crypto.
- A unique access key which the server also knows in a database.

The downloader first downloads the public-key-encrypted file. They send the access key to the server, which allows them to download the larger encrypted file if the access key is OK. Then they can decrypt it using the data key.

To revoke access, delete their public-key-encrypted files and remove their access keys from the database.
hero member
Activity: 994
Merit: 507
June 09, 2013, 09:12:57 PM
#8
As I understand he wants to do this on server side.
Exactly. I want to set up sharing of data on a server. At no time can the server see what the data is. I'd like to then change who has access without the server ever being able to see the data.
legendary
Activity: 1512
Merit: 1049
Death to enemies!
June 09, 2013, 08:59:03 PM
#7
As I understand he wants to do this on server side.
administrator
Activity: 5222
Merit: 13032
June 09, 2013, 08:57:01 PM
#6
If you send someone some ciphertext that they can decrypt, then they'll always be able to decrypt that ciphertext.

It's easy to remove a recipient from an OpenPGP encrypted message. Just remove the packet with their encrypted session key. I don't know how you would do this with any PGP tool, though.
hero member
Activity: 994
Merit: 507
June 09, 2013, 08:54:17 PM
#5
yes, it needs to be re-encrypted to remove access to particular key. If he don't have previous copy of file.

Maybe encrypting file with symmetric master key and then encrypting the master key with asymmetric key can save the decrypt-encrypt process of all data.
How about using multiple public keys? If I have multiple public keys for each person then I could just re-encrypt with the one person removed and they won't be able to see the data. The only drawback then would be that the data has to be decrypted twice to get it now? Would that work?
legendary
Activity: 1512
Merit: 1049
Death to enemies!
June 09, 2013, 08:49:10 PM
#4
yes, it needs to be re-encrypted to remove access to particular key. If he don't have previous copy of file.

Maybe encrypting file with symmetric master key and then encrypting the master key with asymmetric key can save the decrypt-encrypt process of all data.
hero member
Activity: 994
Merit: 507
June 09, 2013, 08:45:07 PM
#3
Short answer - No
TL;DR - It depends. Only software that I'm aware of being able to revoke one of multiple keys without decryption are full disk encryption on Linux.

What software are used and what you want to achieve?
Kind of like "no knowledge" hosting like spideroak but easy to share data with others using many public keys for who you want to share with. But sometimes you want to remove a person from having access from that time on. I don't want the server restricting access but the actual encryption. My basic understanding is that the data has to be decrypted and then re-encrypted?
legendary
Activity: 1512
Merit: 1049
Death to enemies!
June 09, 2013, 08:39:34 PM
#2
Short answer - No
TL;DR - It depends. Only software that I'm aware of being able to revoke one of multiple keys without decryption are full disk encryption on Linux.

What software are used and what you want to achieve?
hero member
Activity: 994
Merit: 507
June 09, 2013, 07:52:03 PM
#1
Let's say I have some data that's encrypted with a few public keys including my own. Is it possible to revoke a key for the data without decrypting it fully and encrypting it again with the keys I wish to remain with it?
Jump to: