Re: Secret Sharing

[Nir Izraeli <nirizr () gmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 8/1/13 7:01 PM, Jamie Riden wrote:
> The answer is, I can't think of a better way of doing it. I
> believe this is how EFS, etc. work - you have a single symmetric
> encryption key and you encrypt this with the public key of anyone
> who you want to be able to read the file.
+1.

One note though: you should get the PK{A,B} directly from the client
and not from the cloud service, if you want to avoid trusting the
cloud. the way you described it lets the cloud service hand out it's
own public key and then encrypt with B's PK afterwards.

> But it's been a while since I read up on this, so I suggest you do
> a sanity check.
>
> cheers, Jamie
>
> On 1 August 2013 15:48, saghar estehghari <s.estehghari () gmail com>
> wrote:
> > Hi,
> >
> > I'm working on a project which involves security of the cloud
> > data.
> >
> > The scenario is as follows:
> >
> > Users A and B have registered to a cloud service (cloud assumed
> > to be semi-trusted). A and B both have secret keys (KA and KB)
> > (for symmetric encryption) and public keys (PKA and PKB) on the
> > cloud server. KA and KB are each encrypted with the passwords of
> > A and B.
> >
> > Now consider A wants to share a file F that is encrypted with key
> > K (K is generate randomly by A). Now K should be shared securely
> > with B over the cloud (we consider that B is not online at the
> > time of sharing). To do this one option would be encrypting K
> > with PKB which should be decrypted by B when he gets online.
> > However this option seems to be complicated for my client.
> >
> > I was wondering whether you have better options in mind that
> > could help me. Please let me know if the explantation is not
> > clear.
> >
> > Thanks
> >
> >
> >
> > This list is sponsored by Cenzic 
> > -------------------------------------- Let Us Hack You. Before
> > Hackers Do! It's Finally Here - The Cenzic Website HealthCheck.
> > FREE. Request Yours Now! 
> > http://www.cenzic.com/2009HClaunch_Securityfocus 
> > --------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (Darwin)

iQIcBAEBAgAGBQJR/UYjAAoJENC3iWP8AklosTUP/A5YsBAWLlPstlwekaQrLMT/
fc6wKmNokiZPijcMPdXHrYG1GsXa+dBiIrLxdJNiicAtPXV8u7TjgJ0gVQ778N8Y
xrSlgyixodDUECtimb/V3B9KFKGqg8rZWnchcpJHM2+h9j1kH2MebkihrwM1xwcn
HFzs+yTYigHA+QtKTRfWLc+vUAOe8XThGlh5lKYQyXl4izfy2SAkSpEVsiLRmlqm
TDjk+LZRgX7ZGmytWVQ822PpNlDkt0cmMh76Vem0Xbm1LIeH1/EH0xiKeQFqfrcq
cCTogSU7wbjkyVpOgbU9zEoqk1hOlLq3BSFudOxP2qi83FgaiV1FY/uGE5Rq7k70
mC5nav7mbboU2qe6WI+zV5aizAT5QXLtDOJ7h8XkoPQaAxFmnndUan8sABO+AVvM
7+SURv33UZGHBOiXN5u6afOrQ3RZEw6UyRPKTr3HzhK5hQlQl0zc4AGyzvP5cVSs
tKK3OxMdvYiS1gu+P/c20UdaPP9296tR+13O7vP0Y0neWW1XGuTnJqgSjLnXc/qI
iQShkNiRQzgEPeHmpxoq61EoBdHuI0nIeUU0ctvyQpWeXThpncti7RfBvvbdSHTp
niif4S4Usyk3IfsX9hqRoxj4EduuZMIyWRnMDOS0q0r/zKFhQxGVsvbHmbASHmQ7
gSDiziIdvJLDkRcquMRR
=9TLm
-----END PGP SIGNATURE-----



This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now! 
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------