Bitcoin Forum
November 08, 2024, 07:05:39 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Encryption question  (Read 519 times)
dillpicklechips (OP)
Hero Member
*****
Offline Offline

Activity: 994
Merit: 507


View Profile
June 10, 2013, 12:52:03 AM
 #1

Let's say I have some data that's encrypted with a few public keys including my own. Is it possible to revoke a key for the data without decrypting it fully and encrypting it again with the keys I wish to remain with it?
MysteryMiner
Legendary
*
Offline Offline

Activity: 1512
Merit: 1049


Death to enemies!


View Profile
June 10, 2013, 01:39:34 AM
 #2

Short answer - No
TL;DR - It depends. Only software that I'm aware of being able to revoke one of multiple keys without decryption are full disk encryption on Linux.

What software are used and what you want to achieve?

bc1q59y5jp2rrwgxuekc8kjk6s8k2es73uawprre4j
dillpicklechips (OP)
Hero Member
*****
Offline Offline

Activity: 994
Merit: 507


View Profile
June 10, 2013, 01:45:07 AM
 #3

Short answer - No
TL;DR - It depends. Only software that I'm aware of being able to revoke one of multiple keys without decryption are full disk encryption on Linux.

What software are used and what you want to achieve?
Kind of like "no knowledge" hosting like spideroak but easy to share data with others using many public keys for who you want to share with. But sometimes you want to remove a person from having access from that time on. I don't want the server restricting access but the actual encryption. My basic understanding is that the data has to be decrypted and then re-encrypted?
MysteryMiner
Legendary
*
Offline Offline

Activity: 1512
Merit: 1049


Death to enemies!


View Profile
June 10, 2013, 01:49:10 AM
 #4

yes, it needs to be re-encrypted to remove access to particular key. If he don't have previous copy of file.

Maybe encrypting file with symmetric master key and then encrypting the master key with asymmetric key can save the decrypt-encrypt process of all data.

bc1q59y5jp2rrwgxuekc8kjk6s8k2es73uawprre4j
dillpicklechips (OP)
Hero Member
*****
Offline Offline

Activity: 994
Merit: 507


View Profile
June 10, 2013, 01:54:17 AM
 #5

yes, it needs to be re-encrypted to remove access to particular key. If he don't have previous copy of file.

Maybe encrypting file with symmetric master key and then encrypting the master key with asymmetric key can save the decrypt-encrypt process of all data.
How about using multiple public keys? If I have multiple public keys for each person then I could just re-encrypt with the one person removed and they won't be able to see the data. The only drawback then would be that the data has to be decrypted twice to get it now? Would that work?
theymos
Administrator
Legendary
*
Offline Offline

Activity: 5376
Merit: 13407


View Profile
June 10, 2013, 01:57:01 AM
 #6

If you send someone some ciphertext that they can decrypt, then they'll always be able to decrypt that ciphertext.

It's easy to remove a recipient from an OpenPGP encrypted message. Just remove the packet with their encrypted session key. I don't know how you would do this with any PGP tool, though.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
MysteryMiner
Legendary
*
Offline Offline

Activity: 1512
Merit: 1049


Death to enemies!


View Profile
June 10, 2013, 01:59:03 AM
 #7

As I understand he wants to do this on server side.

bc1q59y5jp2rrwgxuekc8kjk6s8k2es73uawprre4j
dillpicklechips (OP)
Hero Member
*****
Offline Offline

Activity: 994
Merit: 507


View Profile
June 10, 2013, 02:12:57 AM
 #8

As I understand he wants to do this on server side.
Exactly. I want to set up sharing of data on a server. At no time can the server see what the data is. I'd like to then change who has access without the server ever being able to see the data.
theymos
Administrator
Legendary
*
Offline Offline

Activity: 5376
Merit: 13407


View Profile
June 10, 2013, 02:31:25 AM
 #9

Encrypt the data with a random key using symmetric crypto (ie AES). For each person who can get access, encrypt to their public key:
- The random key used with the symmetric crypto.
- A unique access key which the server also knows in a database.

The downloader first downloads the public-key-encrypted file. They send the access key to the server, which allows them to download the larger encrypted file if the access key is OK. Then they can decrypt it using the data key.

To revoke access, delete their public-key-encrypted files and remove their access keys from the database.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
dillpicklechips (OP)
Hero Member
*****
Offline Offline

Activity: 994
Merit: 507


View Profile
June 10, 2013, 02:50:59 AM
 #10

Thanks theymos and MysteryMiner. You have given me more to think about!  Smiley
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!