
I'm working on batch-encryption of files, for a small project of mine. The files are stored encrypted on a removable drive, and the keys are stored on a trusted server. For enhanced safety, I'd like to use ONE key for ONE file. Files are encrypted using NaCl/libsodium's "sealed_box" (Curve25519xsalsa20poly1305).

Each time the client adds a file to the drive, it is encrypted using a public key, generated with fun1(masterPublicKey, seed). The seed is itself deterministically generated from a set of non-varying file attributes, and the masterPublicKey is, well, a public key that belongs to the client and that's reused for all files belonging to this client.

Each time the client requests decryption for a file, the seed is sent to the server. It then gathers the client's private key, and calls fun2(privateKey, seed) to get a derived private key. This key is sent to the client, which can now decrypt the file it wanted to, but NONE of the other files.

    On the server (decryption):

    [master private key]
              \
               \     / seed from client
                \   /
                 \
        fun(privateKey, seed) -> derived private key

    On the client (encryption):

    [master public key]
              \
               \     / getSeed(attributes)
                \   /
                 \
        fun(publicKey, seed) -> derived public key

If you're bitcoin-savvy, think BIP32 but for encryption.

How to achieve such a thing? Is there even a way to do this?

Perceval
  • What are you trying to do? Why are you storing keys on the server? – Neil Smithline Oct 17 '15 at 21:57
  • Because I assume the client is too dumb to handle his private key ;-) Actually, the server handles authentication, and returns the key if everything is OK. But it's unsafe to have 1 key for all files, because the client could be eavesdropping and catch the private key before the decryption, so I'd like to have a dedicated key for each file. – Perceval Oct 18 '15 at 09:14
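
One construction that matches the derivation described in the question, shown as an added example that is not part of the original post: multiplicative key blinding on Curve25519, where a public hash of the seed scales both the master public point and the master private scalar. The names `tweak`, `derive_public`, `derive_private` and `recover_master` are hypothetical, the ladder is unclamped (so the derived scalar is not a drop-in libsodium key), and `recover_master` shows that anyone holding one derived private key and its seed can compute the master scalar.

```python
import hashlib

P = 2**255 - 19                                       # field prime of Curve25519
L = 2**252 + 27742317777372353535851937790883648493   # prime order of the base point
BASE_U = 9                                            # u-coordinate of the base point

def ladder(k, u):
    """Unclamped Montgomery ladder (RFC 7748 formulas): u-coordinate of k*point. Not constant time."""
    x1, x2, z2, x3, z3 = u % P, 1, 0, u % P, 1
    for t in reversed(range(255)):
        bit = (k >> t) & 1
        if bit:
            x2, z2, x3, z3 = x3, z3, x2, z2
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
        if bit:
            x2, z2, x3, z3 = x3, z3, x2, z2
    return x2 * pow(z2, P - 2, P) % P

def tweak(master_pub, seed):
    """Assumed hash-to-scalar: public per-file multiplier h in [1, L-1]."""
    digest = hashlib.sha512(b"per-file-key" + master_pub.to_bytes(32, "little") + seed).digest()
    return int.from_bytes(digest, "little") % (L - 1) + 1

def derive_public(master_pub, seed):
    # Client side: uses public data only, h * (a*G).
    return ladder(tweak(master_pub, seed), master_pub)

def derive_private(master_priv, seed):
    # Server side: (h * a) mod L is the scalar matching derive_public().
    master_pub = ladder(master_priv, BASE_U)
    return tweak(master_pub, seed) * master_priv % L

def recover_master(derived_priv, master_pub, seed):
    """Caveat: h is public, so one derived private key reveals the master scalar mod L."""
    return derived_priv * pow(tweak(master_pub, seed), L - 2, L) % L

def constructed_master_key():
    """Constructed, fixed, clamped X25519 scalar so the example is reproducible."""
    k = int.from_bytes(hashlib.sha256(b"constructed master key").digest(), "little")
    return (k & ((1 << 254) - 8)) | (1 << 254)

if __name__ == "__main__":
    a = constructed_master_key()
    A, seed = ladder(a, BASE_U), b"constructed file attributes"
    print(derive_public(A, seed) == ladder(derive_private(a, seed), BASE_U))
```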

0 Answers