How to securely encrypt shared data for a dynamic amount of users?



  • Example:
    Bob uploads a file to my custom file server locked with a password, which then the file server generates a link for him to share

    • Bob wants to be able to share this data to anyone that has this link
    • Bob doesn't want anyone but the people that have the link and password to access his data, not even the server administrator

    I do not want to store any private keys on my file server's filesystem, because that isn't safe in any way if the server were to be compromised.

    I have Key Derivation in the works, but when the user session is expired or the server restarts, they would have to re-enter the password for the shared data.

    What kind of encryption technique on the file server would I use to solve these issues?



  • You can use a simple symmetric encryption, like ChaCha20-poly1305, to encrypt the data with a key derived from the password, using Argon2id for example.

    The key, encoded in base64url, can be appended by the client to the link as a URL fragment. The server (and its administrator) does not need to know the password or the key: the encryption should be entirely done by the client, for example in Javascript if the client is in HTML. If you want to append the key as a URL query, you should take care that the server does not read, process or log it: so it is best not to use queries at all.

    The service MEGA is using a similar approach. This just an example of an implementation and not an endorsement of this particular service.



Suggested Topics

  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2