views: 235
answers: 7

Say you have a bunch of files. Say you can store metadata on these files. Say one of these metadata attributes were called "encryption". Say everyone was allowed to look at these files, but since they are encrypted, only people who know how to decrypt them can actually read the contents. Say, for every given value of "encryption", a group of people share the knowledge of how to decrypt files marked with that value. Say you want to be able to do this programmatically, in an OS-agnostic way (if possible).

What are the values you would use for "encryption"? How would you store the keys? How would you organize access to the keys?

I am currently leaning towards following implementation:

  • the value of the field "encryption" contains the name of a key, possibly also denoting the algorithm used
  • each user has access to a bunch of keys. This could be defined by roles the user has in an LDAP/Active Directory-like structure, or they could just be files in a secure directory in the user's profile/home directory.
  • on viewing a file, the viewer (I'm trying to build a document management system) checks the user's keys and decrypts the file if a matching key was found.

What encryption would you use? Symmetric (AES)? Or Asymmetric (what are the good ones)?

Using asymmetric keys would have the additional benefit of making a difference between reading a file and writing a file: Access to the private key is necessary for writing the file, access to the public key (only semi public, as only certain roles have access to it) would allow reading the file. Am I totally mistaken here?

What are common systems to solve these problems used in small to medium sized businesses?

EDIT: It seems there are no universal solutions. So, I will state the problem I am trying to solve a little more clearly:

Imagine a Document Management System that operates in a distributed fashion: Each document is copied to various nodes in a (company controlled, private) P2P network. An algorithm for assuring redundancy of documents is used to ensure backups of all documents (including revisions). This system works as a service / daemon in the background and shovels documents to and fro.

This means, that users will end up with documents probably not meant for them to see on their local workstation (a company controlled PC or a laptop or something - the setting is such that a SME IT guy sets this all up and controls who is part of the P2P network).

This rules out directory access based schemes, as the user will probably be able to get to the data. Am I mistaken here? Could a local folder be encrypted such that it can only be accessed by a Domain user? How secure is that?

I am aware of users sharing decrypted versions of files - and that that is hard to suppress technically. This is not a problem I am trying to solve.

+1  A: 

This is a hard problem. If this is something really serious, you should not use the advice of amateur cryptographers on the internet.

Tom Ritter
where would you look for professional cryptographers on the internet?
Daren Thomas
I'd start with universities, followed by the authors of acclaimed, cited papers at crypto conferences. I'd also try to throw money at Bruce Schneier until he agreed to work for me. I'd require them to get peer review from their friends (for pay) on anything they produced.
Tom Ritter
+1  A: 

That said, here are my musings:

I'd encrypt each file with a random symmetric key using AES. This encryption would be on a job that runs overnight, so the key changes overnight.

I'd encrypt the key of each file with the public key of everyone who has access to the file.

If someone loses access to files, they'd be unable to read the new copies the next day (they could still have copies locally of old versions).

I'd use gpg (runs on nearly all OS-es happily).

You misunderstand asymmetric crypto. Public key is given to everyone, Private key you keep yourself. If Alice encrypts something with Bob's Public key, only Bob can decrypt it. If Bob encrypts something with his Private key - everyone can decrypt it, and everyone knows it came from Bob because only he has his Private Key.

EDIT: However, if you ignored everything I said and went a different route, and gave every FILE its own pub/priv keypair... then you would rely on the public key being available ONLY to those you want to read the file, and the private key available to those you want to r/w. But that's a bit trickier, and relies heavily on people not being able to distribute keys. Overnight jobs to change keys could mitigate that problem, but then you have the problem of distributing new keys to users.

Tom Ritter
A: 

The difficulty of this problem is why many businesses default to using OS-specific solutions, such as Active Directory.

For OS-agnostic, you have to re-create a lot of user-management stuff that the specific OS and/or Network vendors have already built.

But it can be done. For the encryption itself - go with AviewAnew's answer.

Jeff B
+1  A: 

If I understand you correctly, you could use GNU Privacy Guard. It's cross-platform and open source. Basically, every user has a copy of GPG and a local "keychain" with their "private keys" and "public keys". When you want to encrypt something, you use the person's public key, and the results can only be decrypted with their associated private key. A user can have more than one keypair, so you could give all administrators access to the "administrator role" private key, and each holder of that private key could decrypt documents encrypted with the "administrator role" public key.

The cool part is that you can encrypt a file with multiple public keys, and any one of the corresponding private keys could then be used to decrypt it.

Just Some Guy
+2  A: 

The encryption isn't the hard part, here. Understanding the business needs, and especially, what threats you're trying to protect against, is the hard part. Key management isn't a trivial thing.

I highly recommend the book "Applied Cryptography" to help you understand the protocol-level issues better.

Mark Bessey
A: 

I have to agree with Mark here:

Understanding the business needs, and especially, what threats you're trying to protect against, is the hard part

For example; are you worried that unauthorized users may gain access to sensitive files? You can use file-level access control on virtually any operating system to restrict users or groups from accessing files/directories.

Are you worried that authorized users may copy the files locally and then lose their laptop? There are a number of OS-level encryption facilities that provide varying degrees of protection. I personally recommend TrueCrypt for thumb drives and other portable media, and Windows Vista now includes BitLocker, which provides a different level of protection.

Another variation of the lost-laptop theme is the lost-backup theme, and many backup vendors now include encryption schemes for your tape backups for just this reason.

Finally, if you're worried that authorized users may share the files with unauthorized users then you may be trying to solve the wrong problem. Authorized users who can decrypt these files can just as easily share a new unencrypted version of the same document.

esarjeant
A: 

What you need is public-key encryption using either OpenPGP or X.509 certificates. In both cases you can encrypt the single block of data for multiple "recipients" using their OpenPGP keys or X.509 certificates respectively. In X.509 the standards for encrypting the data this way are PKCS#7 and CMS (defined in some RFC, I forgot the number). You would need to employ some key revocation checking in order to prevent access for those people who were given access before but don't have it now.

Eugene Mayevski 'EldoS Corp
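The construction that Tom Ritter, Just Some Guy and Eugene Mayevski all describe (encrypt the document once under a random symmetric key, then wrap that key separately for each reader's public key, so that any one listed reader can open it) is shown below as an added, self-contained example. It is not code from any of the answerers, nor from GPG; it uses only the Go standard library, with AES-256-GCM for the body and RSA-OAEP for the key wrapping as the concrete assumed choices (OpenPGP and CMS use their own formats for the same envelope). The reader names, documents and the "overnight re-seal" scenario are constructed for the demo. It also carries through Tom Ritter's point about removing access: the next revision is sealed under a brand-new file key for the reduced reader set, so the removed reader has no wrapped key for it and learns nothing from the old key he still holds.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is one stored document: the body under a random per-file AES-256-GCM key, plus that key wrapped with RSA-OAEP once per reader (name -> wrapped key).
type Envelope struct {
	Nonce, Ciphertext []byte
	WrappedKeys       map[string][]byte
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext once under a fresh file key, then wraps that key for
// every reader's public key. Adding a reader later only adds one wrapped entry.
func Seal(plaintext []byte, readers map[string]*rsa.PublicKey) (*Envelope, error) {
	buf := make([]byte, 32+12) // AES-256 key followed by a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	fileKey, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(fileKey)
	if err != nil {
		return nil, err
	}
	env := &Envelope{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, nil),
		WrappedKeys: map[string][]byte{}}
	for name, pub := range readers {
		w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, []byte("file-key"))
		if err != nil {
			return nil, err
		}
		env.WrappedKeys[name] = w
	}
	return env, nil
}

// Open unwraps the file key with one reader's private key and decrypts the body.
// Any single listed reader suffices; GCM's tag check rejects a tampered body.
func Open(env *Envelope, name string, priv *rsa.PrivateKey) ([]byte, error) {
	w, ok := env.WrappedKeys[name]
	if !ok {
		return nil, fmt.Errorf("no wrapped key for %s", name)
	}
	fileKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, w, []byte("file-key"))
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(fileKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// Demo plays out the scenario from the answers: alice and bob both read revision 1; bob then
// loses access, so the overnight job seals revision 2 under a brand-new key for alice alone.
func Demo() (v1ByBob, v2ByAlice string, bobOpensV2 bool) {
	alice, err := rsa.GenerateKey(rand.Reader, 2048)
	check(err)
	bob, err := rsa.GenerateKey(rand.Reader, 2048)
	check(err)
	// Constructed sample documents, not real data.
	v1, err := Seal([]byte("quarterly numbers v1"),
		map[string]*rsa.PublicKey{"alice": &alice.PublicKey, "bob": &bob.PublicKey})
	check(err)
	got1, err := Open(v1, "bob", bob)
	check(err)
	v2, err := Seal([]byte("quarterly numbers v2"), map[string]*rsa.PublicKey{"alice": &alice.PublicKey})
	check(err)
	got2, err := Open(v2, "alice", alice)
	check(err)
	_, bobErr := Open(v2, "bob", bob) // no wrapped entry for bob, and the v1 key is never reused
	return string(got1), string(got2), bobErr == nil
}

func main() {
	a, b, c := Demo()
	fmt.Printf("bob reads v1: %q | alice reads v2: %q | bob opens v2: %v\n", a, b, c)
}
```

Two design points worth noting. The body is encrypted exactly once regardless of how many readers there are, so a file shared with a whole role costs one extra wrapped key per member rather than one extra copy of the document; and because the wrapped key is what grants access, revoking a reader is a matter of not wrapping the next revision's key for them, which is the "overnight key change" from Tom Ritter's answer rather than the certificate-revocation checking Eugene mentions for X.509 deployments. A real deployment would key the map by key fingerprint, not by name, and would store the envelope in a standard container (OpenPGP or CMS) instead of this ad-hoc struct.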