Snaky Love wrote:
> Hi David,
>
> thank you very much for your explanation!
>
> May I ask a few final questions about this issue:
>
> - are there any tools at all that handle the "group crypto + archive"
> use-case satisfactory? (Yes, PM me your ads :)
> - what is the current state of research regarding groups and cryptography?
>
> I am not a crypto-scientist, so my speculation might be laughable - but
> for me it looks like there is a big vacuum to be filled with some new
> crypto algorithms - considering that group-like applications are
> becoming mainstream on the net - where is the crypto tool that will help
> us keep our privacy within these "social" networks? How many people are
> working on this and what are they coming up with?

I'm afraid that my answer to both of your questions is "I don't know".

I suspect that there is a fundamental problem with trying to achieve the "group" functionality that you want using standard crypto. The problem is that information cannot be created or destroyed. Once someone has the information required to decrypt the destination file, you cannot prevent that person from decrypting the file at a future date, unless you modify the encrypted file in some way (i.e. by re-encrypting it with a new key).

I guess that there are some possible half-way solutions (for example, a tool that could modify an existing encrypted file to add a new session key encryption (thus giving a new user access to the file) or removing an old session key encryption (thus removing a user's ability to access the file) without re-doing the encryption of the target data itself); the user doing this operation (the web server or admin) would need to be on the recipient list of the file already. Also, there could be other ways of doing a similar thing within current tools by splitting the keys out across different files.

I think it just depends on what level of security you want - the above proposal still has potential problems - for example, what if the user took a copy of the session key of every file before leaving?

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
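
The trade-off described in the reply above, as an added example that is not part of the original thread or of GnuPG: a Python model of a file encrypted once under a session key that is wrapped separately for each recipient. The SHA-256 keystream is a toy stand-in for the real ciphers, per-user symmetric keys stand in for public keys, and all function names and the sample message are constructed for illustration.

```python
import hashlib
import secrets

def xor_stream(key, data):
    """Toy cipher (SHA-256 counter keystream); stand-in only, not for real use."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(plaintext, recipients):
    """Encrypt the body once, then wrap the session key for each recipient."""
    sk = secrets.token_bytes(32)
    return {"body": xor_stream(sk, plaintext),
            "wrapped": {name: xor_stream(k, sk) for name, k in recipients.items()}}

def unwrap(env, name, user_key):
    """Recover the session key; raises KeyError if name is not a recipient."""
    return xor_stream(user_key, env["wrapped"][name])

def add_recipient(env, admin, admin_key, name, user_key):
    # Only someone already on the recipient list can recover the session key.
    env["wrapped"][name] = xor_stream(user_key, unwrap(env, admin, admin_key))

def remove_recipient(env, name):
    del env["wrapped"][name]  # the encrypted body is left untouched

def demo():
    keys = {n: secrets.token_bytes(32) for n in ("admin", "alice", "bob")}
    doc = b"archived list message (constructed sample)"
    env = seal(doc, {"admin": keys["admin"], "alice": keys["alice"]})
    body_before = env["body"]
    add_recipient(env, "admin", keys["admin"], "bob", keys["bob"])
    bob_copy = unwrap(env, "bob", keys["bob"])  # bob copies the session key
    remove_recipient(env, "bob")
    try:
        unwrap(env, "bob", keys["bob"])
        locked_out = False
    except KeyError:
        locked_out = True
    still_reads = xor_stream(bob_copy, env["body"]) == doc
    # Only re-encrypting under a fresh session key ends access via the copy.
    env2 = seal(doc, {n: keys[n] for n in env["wrapped"]})
    after_rekey = xor_stream(bob_copy, env2["body"]) == doc
    return {"body_unchanged": env["body"] == body_before, "locked_out": locked_out,
            "still_reads": still_reads, "after_rekey": after_rekey}

if __name__ == "__main__":
    print(demo())
```

Removing the wrapped key blocks the normal decryption path, yet the copied session key still opens the unchanged body; only the re-encrypted copy resists it, and any plaintext already read stays read.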