On Tue, 13 Sep 2005, Braun Brelin wrote:
> 1. I encrypt a file
> 2. I make this file available via a P2P system like bit torrent.
> 3. When someone downloads the file, in order to unencrypt it, they have to
> get a key from me.
> 4. Since I make it available on P2P, multiple people might download it. Each
> person that wants to read it
> has to get a different key so that each key is unique to that person.
>> I'm guessing a public key encryption scheme works best here. I'm
> thinking of using GPG to actually perform the encryption and
> generate the keys.
If the file is to be the same for each user, there's no point. Just
use a symmetric cipher (assymetric ciphers are just a way to securely
transfer the real symmetric cipher's key ;) ).
(You could still use asymmetric ciphers to transfer this key though -
but there's no point encrypting the file with PGP).
> Is what I want to do basically sound? I.e. am I missing something
> obvious here security-weakness wise?
Yes, in order to tailor the encryption of your files per user, you'll
have a different file per user, which makes P2P useless.
A better way possibly might be identify which portions of your file
you don't mind being public, and which you do. Make the public
portions available on P2P. Distribute the withheld portion on a
per-user basis. Ie the 'withheld' portion is the key..
This only works though if your file meets the properties of having a
'key portion' and that portion being of proportionally small size to
the remainder of the file..
Paul Jakma paul at clubi.iepaul at jakma.org Key ID: 64A2FF6A
Air pollution is really making us pay through the nose.
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!