Web Application Security
RE: Secret Sharing Aug 03 2013 08:42PM
JAntonakos excelsior edu

Symmetric encryption uses a single key. Asymmetric encryption uses public
and private keys.

You encrypt with the public key and decrypt with the private key.

Best,
JLA

Sent with Good (www.good.com)

-------- Original Message --------

From : listbounce (at) securityfocus (dot) com [email concealed]
To : saghar estehghari <s.estehghari (at) gmail (dot) com [email concealed]>
Cc : webappsec (at) securityfocus (dot) com [email concealed]
Sent on : 08/01 12:01:34 PM EDT
Subject : Re: Secret Sharing

The answer is, I can't think of a better way of doing it. I believe
this is how EFS, etc. work - you have a single symmetric encryption
key and you encrypt this with the public key of anyone who you want to
be able to read the file.

But it's been a while since I read up on this, so I suggest you do a
sanity check.

cheers,
Jamie

On 1 August 2013 15:48, saghar estehghari <s.estehghari (at) gmail (dot) com [email concealed]> wrote:
> Hi,
>
> I'm working on a project which involves security of the cloud data.
>
> The scenario is as follows:
>
> Users A and B have registered to a cloud service (cloud assumed to be
> semi-trusted). A and B both have secret keys (KA and KB) (for
> symmetric encryption) and public keys (PKA and PKB) on the cloud
> server. KA and KB are each encrypted with the passwords of A and B.
>
> Now consider A wants to share a file F that is encrypted with key K (K
> is generate randomly by A). Now K should be shared securely with B
> over the cloud (we consider that B is not online at the time of
> sharing). To do this one option would be encrypting K with PKB which
> should be decrypted by B when he gets online. However this option
> seems to be complicated for my client.
>
> I was wondering whether you have better options in mind that could help
me.
> Please let me know if the explantation is not clear.
>
> Thanks
>
>
>
> This list is sponsored by Cenzic
> --------------------------------------
> Let Us Hack You. Before Hackers Do!
> It's Finally Here - The Cenzic Website HealthCheck. FREE.
> Request Yours Now!
> http://www.cenzic.com/2009HClaunch_Securityfocus
> --------------------------------------
>

--
Jamie Riden / jamie (at) honeynet (dot) org [email concealed] / jamie.riden (at) gmail (dot) com [email concealed]
http://uk.linkedin.com/in/jamieriden

This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------

This message and any attachments contain confidential Excelsior College information intended for the specific individual and purpose. If you are not the intended recipient, you should notify the College and delete this message. Any disclosure, copying, distribution or inappropriate use of this message is strictly prohibited.

This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus