Score:1

E2EE with passwords at login?

cn flag

Imagine a scenario:

  1. Alice and Bob want to use a platform where they log in using email and password. The platform can be accessed on desktop and mobile devices.
  2. Alice would like to store encrypted information in a database or send encrypted files to an S3 server
  3. Bob will be able to fetch this encrypted information (data + files) if the server allows to (Alice granted Bob access to this data)
  4. Both Bob and Alice should be able to decrypt the information (data + files) on his side

Currently, I'm playing around to understand whether a design like this is possible, but in the upcoming future, I'll need to have this implemented. I'd be grateful if somebody could provide a "simple" answer, and maybe recommend a way to search for providers that have far more experience than I do (security is no joke), and could implement code for such a solution.

Gilles 'SO- stop being evil' avatar
cn flag
Please be aware that there is no simple answer. [Neirpyc](https://crypto.stackexchange.com/a/91645)'s is about as simple as it gets for the nominal case. But there are many complications to consider to make this work in the real world. What happens if Alice loses her password? How to you mitigate password leakage (through snooping, phishing, brute force, etc.) — two-factor authentication mitigates it for authentication but there's nothing similar for encryption. How do you add a user to a file's distribution list? How do you revoke access? etc.
Score:2
us flag

To solve your problem efficiently, you should read about key derivation and password based key derivation.

As I understand, the solution to your problem is the following:

  1. When creating an account, you use your password to generate a master key km. You should also generate a random asymmetric key pair (RSA, elliptic curve, or any asymmetric cipher). You should upload to the server your public key, and your private key encrypted with k0, a key derived from the master key km.
  2. Alice generates a symmetric key kx and encrypts the data locally before sending it to the server (AES, serpent, ChaCha, ...). kx should be derived from Alice's master key km so the same key can be generated again to decrypt the file. The file should get a unique ID x which is used in a key derivation function to deterministically get a kx, without reusing the same key for each file.
  3. To authorize bob, login, regenerate your km master key, ask the server for the file ID, derive kx from your master key km and the file Id. Then, ask the server for Bob's public key and use it to encrypt kx. You can then send this data to the server.
  4. Bob logs in, generates his master key. He then uses it to derive his first key k0, queries the server for his encrypted private key, uses k0 to decrypt the private key. Once you have the private key, you can decrypt what Alice sent you: kx, the key used to encrypt the file. You can then ask the server for the file, and decrypt it locally.
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.