1

I wanted to achieve the following mechanism to encrypt a document

  1. each person in a group of N (user a, b, c...)has her own key;
  2. user a and user b somehow decided to encrypt document M, and they can read M in plaintext, and anyone other than a and b can't read the document M
  3. user a, user b and user c somehow decided to encrypt document N, and they all can read N in plaintext, but anyone other than a, b, c can't read the document N

Is it possible? If so, how to achieve such functionality? (I feel PGP can't solve this problem)

chen
  • 111
  • 2
  • Are you asking for multi-recipient encryption? If so, most PGP software does indeed support it. – Jesse Daniel Mitchell Sep 27 '18 at 05:03
  • @JesseDanielMitchell, but both user a and user b need to update the document content. (multi-recipient encryption) PGP seems to only allow the case that user a encrypts the document and user b read that document. Correct me if I am wrong. I feel the above problem is same as WhatsApp group chat problem, isn't it? https://security.stackexchange.com/questions/119633/how-does-whatsapps-new-group-chat-protocol-work-and-what-security-properties-do – chen Sep 27 '18 at 05:16
  • @chen GPG doesn't allow to modify a document at all. But A can encrypt a document so A and B can decrypt it. B can then decrypt the document and reencrypt it so that still A and B can decrypt it of course. Is that what you are asking? – Josef Sep 27 '18 at 10:47

1 Answers1

1

You can achieve this even using just symmetric encryption.

You generste a random master key. Make a copy of the master key for every user that should have acces. Each user then encrypts his copy of the master key with his own key.

If the user keys are not available, encrypt them with their public pgp key instead.

When working with the document, user decrypts his copy of the master key and uses it to decrypt the document.

If a user that has access to the doc wants to grant access to another user, he just makes another copy of the master key. If you want to revoke users access, you change the master key and redistribute the keys only to users who should have access.

Peter Harmann
  • 7,728
  • 5
  • 20
  • 28
  • Unless I'm mistaken this is exactly how gpg operates. Because symmetric encryption is so much faster it'll symmetrically encrypt the file, then use each recipient's (and the sender's) public keys to cipher a copy of the symmetric key which is then appended to the file. – user8675309 Oct 12 '18 at 21:45
  • Yes, the point here is that he can make multiple copies of the key without making multiple copies of the potentially large file. – Peter Harmann Oct 14 '18 at 13:07
  • Thank you. In this scenario, is there anything preventing users sharing the master key with "unauthorized users" (without the permission of the creator of the master key). Would love to see a mechanism where that is not possible and the creator of the document has absolute say in who has access to the document (and receivers of permission would not be able to delegate or share it with others) – Gopalakrishna Palem May 30 '19 at 14:03
  • 1
    @Gopalakrishna Palem there is nothing preventing it and there is little you could do to prevent it. At the end of the day, the person can always just shared the decrypted file. If you are only concerned about giving the key, you could change it often but that is mostly it. (Unless you can and are willing to use government e-id) – Peter Harmann May 31 '19 at 01:16