I was genuinely impressed with your introduction to this library, and now I'm experimenting with use cases to understand its functionality in practice better.
Currently, I'm mapping out the following architecture:
Organizations store sensitive data.
Organizations consist of users.
Users require access to all sensitive data, managed by the organization.
I've identified two potential solutions:
Each user possesses their own keychain, and all data are encrypted with public keys specific to each organization user.
All data are encrypted with a single keychain, and users are provided with a copy of this keychain, encrypted with their public keys.
The first approach should work well if data changes infrequently, but otherwise it would be expensive to encrypt the data with all the keys on every write.
However, if I anticipate frequent updates to the data, the second approach seems more suitable. All data are encrypted with one keychain, and each user reads it with their own copy of the same keychain. But I encountered a challenge with encrypting the keychain asymmetrically with the user's public key. To address this, I devised a solution where I encrypt an organization's keychain with a randomly generated key, then encrypt this random key with the user's public key, and share both with the user.
As I was outlining this, I realized that I could encrypt all data with random keys and then encrypt the keys for all users using their public keys. However, this approach resembles the second method I initially described.
Therefore, it would be beneficial if the keychain could also be encrypted with the public key.
It would also be nice to have multi-key encryption, which could make such cases much easier to solve without modelling the key-sharing architecture manually.
Thank you for your contribution to data security. The situation is worsening these days, and initiatives like yours could help make the internet a safer place. Your efforts are truly invaluable.
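The design described in the post (data encrypted once under a random key, and that key encrypted to each user's public key) is commonly called envelope encryption. A sketch of it using Node.js's built-in crypto module, added here as an example and not part of the original post or the library's API; the user names, record ids and function names are hypothetical:

```javascript
// Added example: one data key per organization, wrapped per user (envelope encryption).
const nodeCrypto = require('node:crypto');
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Wrap / unwrap the 32-byte organization data key for one user with RSA-OAEP.
const wrapKey = (publicKey, dataKey) => nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP }, dataKey);
const unwrapKey = (privateKey, wrapped) => nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, wrapped);

// Encrypt a record once with AES-256-GCM; the record id is bound as associated data.
function encryptRecord(dataKey, recordId, plaintext) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce on every write
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', dataKey, iv);
  cipher.setAAD(Buffer.from(recordId, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { recordId, iv, ct, tag: cipher.getAuthTag() };
}

function decryptRecord(dataKey, rec) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', dataKey, rec.iv);
  decipher.setAAD(Buffer.from(rec.recordId, 'utf8'));
  decipher.setAuthTag(rec.tag);
  return Buffer.concat([decipher.update(rec.ct), decipher.final()]).toString('utf8');
}

const throws = (fn) => { try { fn(); return false; } catch { return true; } };

// Constructed organization: two members and one outsider (hypothetical names).
function demo() {
  const newUser = () => nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const members = { alice: newUser(), bob: newUser() };
  const outsider = newUser();

  const dataKey = nodeCrypto.randomBytes(32);
  const wrapped = {};
  for (const [name, kp] of Object.entries(members)) wrapped[name] = wrapKey(kp.publicKey, dataKey);

  // A write touches only the record, never the per-user wrapped keys.
  const rec = encryptRecord(dataKey, 'record-1', 'constructed secret');
  const reads = Object.keys(members).map(
    (name) => decryptRecord(unwrapKey(members[name].privateKey, wrapped[name]), rec));

  return {
    reads,
    outsiderRejected: throws(() => unwrapKey(outsider.privateKey, wrapped.alice)),
    relabelRejected: throws(() => decryptRecord(dataKey, { ...rec, recordId: 'record-2' })),
  };
}

console.log(demo());
```

Deleting a member's wrapped copy does not take back a data key they have already unwrapped; revoking access means generating a new data key, re-encrypting the records and wrapping the new key for the remaining members.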