Bitcoin Forum

Hi boys and girls,

I have a lot of important files, lots of bitcoinWallet.dat containing 0.420 bitcoins each. I want to share them with specific Ethereum addresses and only
the ethereum addresses can decrypt their specific files. Therefore I was thinking about assymetric encryption using public key (ethereum) which
can only be decrypted by the user using their private key.

It is suggested however that one shall not directly encrypt using ECC (elliptic curve cryptography) since block size of ECC is
small. (source (https://crypto.stackexchange.com/a/31618))

Therefore, encrypting a message using ethereum address is a good idea but not some files.

I have one solution but would love to know if it's viable or if other solutions would be more suitable.
The files will be zipped with random passwords containing special characters and letters (ah321D*£$...)
The password will be encrypted with the ethereum address of each user and will be decrypted with their private key.
Once the user has the password they can extract the zipped file. Only the user can have the password since only they
have the private key of their address.

Don't use a zip password. That's just insecure.
There was a vulnerability for like 10 years where zip files could be decrypted without the password because the initialization vector was extremely weak.


I think you are over complicating things too much.
You want to decrypt files using your ETH private key. I don't really understand the reasoning for that approach, but ok.
Just use symmetric encryption with the private key as encryption key. That's the easiest and most straight-forward approach. You don't really need to use an asymmetric encryption algorithm.

Or why do you want to use asymmetric encryption ? Do you have any reason for that ?

I don't have access to the private key of users.

Users should be able to decrypt files using their private keys.

It's also worth mentioning that I don't know anything
about those users and that sending them the wallets rather than transferring bitcoins is "the only way". It is for a specific
case that will be later shared :)

Image it this way. The user interacts with a smart contract and the only thing I know about the user is their address and amount of bitcoins
they will receive. And no, I am not collecting the bitcoin address in the smart contract.

This is the user: 0x420420420420420420420420
This is the wallet that needs to reach the user: bitcoinWallet.dat

The process of sharing the wallet however is more dynamic. Should I ask them to sign a message to verify themselves and then provide
the wallet instead? How safe is that compared to asymmetric encryption of files

Why don't you just forget about Ethereum and use GPG?  Encrypting files with GPG (PGP) is easy and secure.  Add all the files you want to a zip file for compression and convenience, and just encrypt the zip file.  You can still add a password to the zip file for an added layer of security.

I have updated my previous message. Please read and sorry for not mentioning.
Using Ethereum addresses is a must in this process.

Ah, this makes sense.
But you still have access if the files are on your machine ? And if you let the people encrypt it themselves, they can simply use another algorithm (e.g. a symmetric one).
I still don't get the reason to use ETH for that.

However, you most probably want to look at ECIES (Elliptic Curve Integrated Encryption Scheme).
For example, you can implement that in nodejs using bitcore-lib (https://www.npmjs.com/package/bitcore-lib) and bitcore-ecies (https://www.npmjs.com/package/bitcore-ecies).

Nope, users won't be able to encrypt it themselves.

The bitcore-ecies was something I was looking for. I'll try it with files and see the results. Merits well earned
I will keep everyone updated on why it needs to be done this way :)

So users supposed only know what file they receive after they decrypt it?

On side note, you might be interested to check https://etherpgp.rocks/ (https://etherpgp.rocks/)

I think he meant that user won't have access to the file (to encrypt it themselves).

Whether they know what they receive or not should(!) be handled by the smart contract. But since it seems like the files are hosted on some centralized storage.. that whole idea sounds strange to me.
I don't know.. maybe it is because i don't have enough information about it yet to understand the concept.

Yes, users will only know the file they will receive. Files are on a centralized storage but can also be put on IPFS. The problem here is not centralized / decentralized but too make sure that if someone
other than the user comes across the file, only the user can have access to its content. I am using only the details I have from the user, nothing else. Will not collect other information


Also thanks for sharing EtherPGP. Merit as well

But you are encrypting the files on your machine, so you have access to them ? This means trust is involved ?
And if the user is the only one allowed to decrypt the file, why not let him choose a password and use symmetric encryption ?

Also that but I'd like to also mention that once a user interacts with the smart contract, all I want to collect from them is
their address they interacted with. At the end of their interaction I will know the wallet with a specific amount and the address
which will receive that wallet.

I could add another step where the user requires to go through a signature process and post their email or password such that
I can send them the file, but that gets complicated for my lovely users who are not necessary IT people.

Yep this is gonna be relatively complex for them who are not well introduced with this system and there is no doubt here. 

I'm assuming your users are capable of coming up with a ETH address, would it be so much trouble to ask them to generate a BTC address which they add to the smart contract?  Might be a simpler way of getting from A to B.

I used "BTC address" as an example but it's something else. Sorry about that
However it can also be applied to BTC scenario.
Coming soon !!  ::)

JUST AN UPDATE

Ahh! Seems I have not made an informed enough decision. I thought that Ethereum addresses were the real public key, but they are just INFORMALLY called public keys.
Instead, ethereum addresses derive from public keys.

Seems that getting an ethereum public key is not as easy either. This solution here (https://ethereum.stackexchange.com/questions/13778/get-public-key-of-any-ethereum-account/13892) looks interesting
however I think it's not implementable since you need to parse values from when you sign a transaction. The solution provided seems general as I don't understand yet whether those values can be recovered from other
transactions made by OTHER users and not the account itself when you are the owner  🙄😑

For example, I doubt I would be able to take a random transaction hash from etherscan.io, get the user address and magically get their public key.