Question regarding group management of documents

Birger Toedtmann birger at takatukaland.de
Thu Jan 16 03:38:04 EST 2003 

Hi,

can anyone pinpoint me to some papers on this - the Net did not show 
up anything useful (and I hope it's not my lacking competence in using
Google).


I'd like to use a server to share documents between users.  The users
are grouped, i.e. a user of group A should not be able to read the
docs of group B (if not a member of it).  There are conceptually two
possible ways to design this:

 * use an "out-band-process" (an operating system watching over
   file permissions, a web service verifying user credentials etc.)

 * use in-band crypto on the document itself, i.e. the "permissions"
   are inherently tied to the bits it consists of

I wanted to use the latter with a critical constraint: ease of deploy-
ment (at least in a sense) which basically means that we don't want
to write a new client but use freely available ones.  So my first 
guess was to PGP-encrypt the files on the server using the public 
keys of the group-members.  The server obviously should not have the 
secret keys of them.  I further assume that (a) a member-no-more takes 
his secret key with him and (b) the server may be hacked but the hacker 
should not be able to read the documents (but may corrupt/delete them).

So far, so good.  Now a user leaves a group.  As the server is not
able to decrypt files and we don't want someone to decrypt 1000 files
of a group and re-encrypt them again with the members left, it would
be possible to just encrypt the already-crypted file again with the
"new" group of the remaining members (adding sort of a second armor).
Despite this being quite stressing for users if a file has some-20
armors, I did not come up with an idea for adding *new* members to a
group....


Well, maybe I'm already on the wrong track for this issue, so I 
appreciate any suggestions or hints to sites/papers discussing these 
problems.


Regards,

Birger Tödtmann

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list