[Box Backup] Private key, web access, sharing and delegation

Leif Linderstam ell2 at live.se
Wed Aug 24 20:44:32 BST 2011



> At the same time, can somebody guesstimate how e.g. Spideroak enable 
> sharing documents with other users via password protection without 
> re-encrypting the shared documents to the other user's keys/passwords:

I guess it can be done similar to how encrypting mail with a public key
works, as far as I know at least.

- Create a random key and encrypt the message/file with this key.
- Encrypt the generated key with the public key of the recepient.
  This can be repeated for several recepients.
- A recepient wanting to read the message/file decrypts the generated
  key, which then can be used to decrypt the message/file.

Apart from making it possible for many recepients to read the message
whithout having a common key, this scheme also is good for performance.
The generated key is a symmetric key (same key is used both for
encryption and decryption) which is much easier (i.e faster) to encrypt
and decrypt than asymmetric (private/public) keys.

In the above case with shared documents there is no need to re-encrypt
the file itself to add access for another user, only encrypt the
underlying symmetric key with the new user's public key.

Cheers,
Leif
 		 	   		  


More information about the Boxbackup mailing list