[Box Backup] Private key, web access, sharing and delegation

Leif Linderstam ell2 at live.se
Wed Aug 24 20:44:32 BST 2011

> At the same time, can somebody guesstimate how e.g. SpiderOak enables 
> sharing documents with other users via password protection without 
> re-encrypting the shared documents to the other user's keys/passwords:

I guess it can be done similar to how encrypting mail with a public key
works, as far as I know at least.

- Create a random key and encrypt the message/file with this key.
- Encrypt the generated key with the public key of the recipient.
  This can be repeated for several recipients.
- A recipient wanting to read the message/file decrypts the generated
  key, which then can be used to decrypt the message/file.

Apart from making it possible for many recipients to read the message
without having a common key, this scheme also is good for performance.
The generated key is a symmetric key (same key is used both for
encryption and decryption) which is much easier (i.e. faster) to encrypt
and decrypt than asymmetric (private/public) keys.

In the above case with shared documents there is no need to re-encrypt
the file itself to add access for another user, only encrypt the
underlying symmetric key with the new user's public key.
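
The three steps described in the message above, as an added example that is not part of the original post and is not Box Backup or SpiderOak code. It assumes AES-256-GCM for the file and RSA-OAEP with SHA-256 for wrapping the file key; the function names (`seal`, `grant`, `open`, `demo`), the recipient names and the file contents are hypothetical.

```javascript
const nodeCrypto = require("crypto");

// Assumed algorithm choices for this sketch: RSA-OAEP/SHA-256 and AES-256-GCM.
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Step 1: encrypt the file once under a fresh random symmetric key.
function seal(plaintext) {
  const fileKey = nodeCrypto.randomBytes(32);
  const nonce = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv("aes-256-gcm", fileKey, nonce);
  const data = Buffer.concat([c.update(plaintext), c.final()]);
  return { fileKey, envelope: { nonce, data, tag: c.getAuthTag(), wrapped: {} } };
}

// Step 2: wrap the file key for one recipient. The file ciphertext is untouched.
function grant(envelope, name, publicKey, fileKey) {
  envelope.wrapped[name] = nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP }, fileKey);
}

// Step 3: a recipient unwraps their copy of the file key, then decrypts the file.
// Throws if the private key does not match or the ciphertext was modified.
function open(envelope, name, privateKey) {
  if (!envelope.wrapped[name]) throw new Error(`no wrapped key for ${name}`);
  const fileKey = nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, envelope.wrapped[name]);
  const d = nodeCrypto.createDecipheriv("aes-256-gcm", fileKey, envelope.nonce);
  d.setAuthTag(envelope.tag);
  return { fileKey, plaintext: Buffer.concat([d.update(envelope.data), d.final()]) };
}

// Constructed demo: the key pairs, names and file contents are made up.
function demo() {
  const newPair = () => nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const alice = newPair(), bob = newPair();
  const { fileKey, envelope } = seal(Buffer.from("backup block 0001"));
  grant(envelope, "alice", alice.publicKey, fileKey);
  const before = Buffer.from(envelope.data); // copy, to show sharing leaves it unchanged
  // Later, alice shares with bob: unwrap her copy of the key, wrap it for him.
  const aliceView = open(envelope, "alice", alice.privateKey);
  grant(envelope, "bob", bob.publicKey, aliceView.fileKey);
  return { envelope, before, alice, bob };
}
```

Adding a recipient costs one RSA operation on a 32-byte key regardless of file size. Removing one is different: a recipient who has already unwrapped the file key keeps it, so revocation means re-encrypting the file under a new key.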


