[ILUG] Question on an encryption system (using OSS)
paul at clubi.ie
Tue Sep 13 14:05:28 IST 2005
On Tue, 13 Sep 2005, Braun Brelin wrote:
> 1. I encrypt a file
> 2. I make this file available via a P2P system like bit torrent.
> 3. When someone downloads the file, in order to unencrypt it, they have to
> get a key from me.
> 4. Since I make it available on P2P, multiple people might download it. Each
> person that wants to read it
> has to get a different key so that each key is unique to that person.
> I'm guessing a public key encryption scheme works best here. I'm
> thinking of using GPG to actually perform the encryption and
> generate the keys.
If the file is to be the same for each user, there's no point. Just
use a symmetric cipher (assymetric ciphers are just a way to securely
transfer the real symmetric cipher's key ;) ).
(You could still use asymmetric ciphers to transfer this key though -
but there's no point encrypting the file with PGP).
> Is what I want to do basically sound? I.e. am I missing something
> obvious here security-weakness wise?
Yes, in order to tailor the encryption of your files per user, you'll
have a different file per user, which makes P2P useless.
A better way possibly might be identify which portions of your file
you don't mind being public, and which you do. Make the public
portions available on P2P. Distribute the withheld portion on a
per-user basis. Ie the 'withheld' portion is the key..
This only works though if your file meets the properties of having a
'key portion' and that portion being of proportionally small size to
the remainder of the file..
Paul Jakma paul at clubi.ie paul at jakma.org Key ID: 64A2FF6A
Air pollution is really making us pay through the nose.
More information about the ILUG