How to host encrypted users' files in a way that I won't be able to read them?

cn flag

I am making plans for a new project and looking for a way to allow users upload their files and keep them encrypted and only accessible by them, but at the same time I need their contacts to access the files too.

To explain a little bit more:

  • User uploads the file(s) on my server via a web application.
  • Me (the server) should not have access to the files' contents.
  • Contacts of the user should be able to have access to the files, IF the user decides to share the files with them.

Is something like that even possible?

CDoc avatar
cn flag
I'm not trying to be a file hoster, just host some files, small in size (PDFs, Word documents, pictures etc) and let users share them in private with their contacts. No public downloads whatsoever.
in flag
There are existing solutions for that. Try [].
kr flag

The short answer: Public key cryptography means: Yes, you can do this. It is hard, because key management is hard, not because the problem is mathematically hard.

The long answer: ... won't fit here.

The medium-short answer:

If each contact has a private key that you don't know and they do know, and a public key that you do know, and you can cause software (including JavaScript) to run on the user's computer, then you can cause the data to be encrypted on the user's computer such that a similar program running on other user's computers with their respective private keys can gain access to it, but such that you, without changing the software running on the user's computer, cannot.

Some things to think about:

  • Cryptographically, this is a solved problem. Don't solve it yourself.
  • Most users want usability.
  • You still need to make good decisions about metadata.

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.