[Box Backup] Private key, web access, sharing and delegation
ell2 at live.se
Wed Aug 24 20:44:32 BST 2011
> At the same time, can somebody guesstimate how e.g. Spideroak enable
> sharing documents with other users via password protection without
> re-encrypting the shared documents to the other user's keys/passwords:
I guess it can be done similarly to how encrypting mail with a public key
works, as far as I know at least.
- Create a random key and encrypt the message/file with this key.
- Encrypt the generated key with the public key of the recipient.
  This can be repeated for several recipients.
- A recipient wanting to read the message/file decrypts the generated
  key, which then can be used to decrypt the message/file.
Apart from making it possible for many recipients to read the message
without having a common key, this scheme also is good for performance.
The generated key is a symmetric key (same key is used both for
encryption and decryption) which is much easier (i.e. faster) to encrypt
and decrypt than asymmetric (private/public) keys.
In the above case with shared documents there is no need to re-encrypt
the file itself to add access for another user, only encrypt the
underlying symmetric key with the new user's public key.
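
The scheme described in the message above, as an added example that is not part of the original post or of Box Backup or SpiderOak code. It uses Ruby's standard OpenSSL bindings; the choice of AES-256-GCM and RSA-OAEP, and the names SharedFile, share and decrypt_for, are assumptions made for illustration.

```ruby
require 'openssl'

OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

# A file encrypted once under a random AES-256-GCM key. Every user with
# access holds that file key wrapped (RSA-OAEP) under their own public key.
class SharedFile
  attr_reader :ciphertext, :wrapped_keys

  # Encrypts +data+ and wraps the fresh file key for the owner.
  def initialize(data, owner, owner_pub)
    cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
    file_key = cipher.random_key
    @iv = cipher.random_iv
    @ciphertext = cipher.update(data) + cipher.final
    @tag = cipher.auth_tag
    @wrapped_keys = { owner => owner_pub.public_encrypt(file_key, OAEP) }
  end

  # Grants +to+ access: unwrap the file key with the granter's private key
  # and wrap it for the new user. The file ciphertext is not touched.
  def share(from, from_priv, to, to_pub)
    @wrapped_keys[to] = to_pub.public_encrypt(unwrap(from, from_priv), OAEP)
  end

  # Decrypts the file for +user+. Raises if the user has no wrapped key,
  # the private key does not match, or the ciphertext or tag was modified.
  def decrypt_for(user, priv)
    cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
    cipher.key = unwrap(user, priv)
    cipher.iv = @iv
    cipher.auth_tag = @tag
    cipher.update(@ciphertext) + cipher.final
  end

  private

  def unwrap(user, priv)
    priv.private_decrypt(@wrapped_keys.fetch(user), OAEP)
  end
end

if __FILE__ == $PROGRAM_NAME # demo with constructed keys and data
  alice, bob = Array.new(2) { OpenSSL::PKey::RSA.new(2048) }
  file = SharedFile.new('constructed sample document', 'alice', alice.public_key)
  file.share('alice', alice, 'bob', bob.public_key)
  puts file.decrypt_for('bob', bob)
end
```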