I'm working on batch-encryption of files, for a small project of mine. The files are stored encrypted on a removable drive, and the keys are stored on a trusted server. For enhanced safety, I'd like to use ONE key for ONE file. Files are encrypted using NaCl/libsodium's "sealed_box" (Curve25519xsalsa20poly1305).
Each time the client adds a file to the drive, it is encrypted using a public key, generated with fun1(masterPublicKey, seed). The seed is itself deterministically generated from a set of non-varying file attributes, and the masterPublicKey is, well, a public key that belongs to the client and that's reused for all files belonging to this client.

Each time the client requests decryption for a file, the seed is sent to the server. It then gathers the client's private key, and calls fun2(privateKey, seed) to get a derived private key. This key is sent to the client, which can now decrypt the file it wanted to, but NONE of the other files.
On the server (decryption):

    [master private key]          seed from client
                      \          /
                       \        /
                   fun(privateKey, seed)
                            |
                            v
                   derived private key

On the client (encryption):

    [master public key]           getSeed(attributes)
                      \          /
                       \        /
                   fun(publicKey, seed)
                            |
                            v
                   derived public key
If you're bitcoin-savvy, think BIP32 but for encryption.

How to achieve such a thing? Is there even a way to do this?
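As an added worked example (not code from the question or from libsodium), the following pure-Python sketch shows the multiplicative-tweak construction the post is asking for, in the spirit of BIP32 non-hardened derivation, on Curve25519: fun1 computes derived_pk = tweak * master_pk using only the public key, fun2 computes derived_sk = tweak * master_sk mod L, and both land on the same point. The tweak is the seed hashed to a scalar with a hypothetical domain-separation label chosen here; the seeds and the Montgomery ladder are written inline from RFC 7748 so the block runs offline (the ladder is not constant-time, so it is for illustration only). Two things the example is built to show, which a practitioner should know before using this design: the derived private key is an arbitrary scalar, not a clamped one, so it cannot simply be handed to crypto_box_seal_open (libsodium's crypto_scalarmult clamps its secret input and would change the scalar; the no-clamp Ed25519 primitives crypto_core_ed25519_scalar_mul and crypto_scalarmult_ed25519_noclamp, plus a conversion to Curve25519, are the route to take there); and, as with non-hardened BIP32 keys, anyone holding one derived private key together with the public seed can divide the tweak back out and recover the master private scalar, which contradicts the "NONE of the other files" goal unless the tweak contains something the client never learns.

```python
import hashlib

# Curve25519 parameters (RFC 7748): field prime, size of the prime-order
# subgroup, the ladder constant (A-2)/4 and the standard basepoint u = 9.
P = 2**255 - 19
L = 2**252 + 27742317777372353535851937790883648493
A24 = 121665
BASE_U = (9).to_bytes(32, "little")


def _ladder(k: int, u: int) -> int:
    """x-only Montgomery ladder (RFC 7748, section 5) for ANY integer scalar k.
    Deliberately does not clamp k; not constant-time, so for demonstration only."""
    x1 = u % P
    x2, z2 = 1, 0
    x3, z3 = x1, 1
    swap = 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * ((da - cb) ** 2) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return x2 * pow(z2, P - 2, P) % P


def _decode_u(b: bytes) -> int:
    return int.from_bytes(b, "little") & ((1 << 255) - 1)


def _encode_u(x: int) -> bytes:
    return (x % P).to_bytes(32, "little")


def clamp(sk: bytes) -> int:
    """decodeScalar25519: turn 32 random bytes into a clamped X25519 scalar."""
    k = bytearray(sk)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")


def x25519(scalar: int, u: bytes) -> bytes:
    """Scalar multiplication with an already-decoded scalar; no clamping here,
    which is exactly what the derived (unclamped) private scalar needs."""
    return _encode_u(_ladder(scalar, _decode_u(u)))


def tweak_from_seed(seed: bytes) -> int:
    """Hash the public seed to a non-zero scalar mod L. The label is a
    hypothetical domain-separation string chosen for this example."""
    h = hashlib.sha512(b"file-key-derivation-v1" + seed).digest()
    return 1 + int.from_bytes(h, "little") % (L - 1)


def derive_public_key(master_pk: bytes, seed: bytes) -> bytes:
    """fun1: derived_pk = tweak * master_pk, computed from the public key alone."""
    return x25519(tweak_from_seed(seed), master_pk)


def derive_private_key(master_sk: bytes, seed: bytes) -> int:
    """fun2: derived_sk = tweak * master_sk mod L, returned as an integer scalar.
    It is NOT in clamped form; a clamping API would silently alter it."""
    return clamp(master_sk) * tweak_from_seed(seed) % L


def recover_master_scalar(derived_sk: int, seed: bytes) -> int:
    """Caveat (non-hardened derivation): one derived private key plus the seed
    gives the master scalar mod L, i.e. every other file's key."""
    return derived_sk * pow(tweak_from_seed(seed), -1, L) % L


def ecdh_roundtrip(master_sk: bytes, seed: bytes, eph_sk: bytes):
    """Sender-side ECDH against the derived public key (what a sealed box does
    with a fresh ephemeral key) versus opening with the derived private key.
    Returns both shared u-coordinates; they must be equal."""
    master_pk = x25519(clamp(master_sk), BASE_U)
    eph = clamp(eph_sk)
    eph_pk = x25519(eph, BASE_U)  # travels in clear with the ciphertext
    shared_sender = x25519(eph, derive_public_key(master_pk, seed))
    shared_opener = x25519(derive_private_key(master_sk, seed), eph_pk)
    return shared_sender, shared_opener
```

The derived private key is handed back as an integer scalar on purpose: serialising it as 32 little-endian bytes and feeding it to a clamping API would flip the low three bits and bit 254 and the shared secret would no longer match. The recover_master_scalar function exists to make the BIP32 non-hardened leak concrete; the only way to keep the "one derived key opens one file" property with this construction is for the tweak to depend on a secret the key-holding client never sees, which in turn means the client cannot compute the derived public key itself, so the server would have to hand out derived public keys as well.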