[Front/Back] Updated Encryption Format

[its-colby]

Cache will institute access-control mechanism for files.

1. User A encrypts File F with symmetric key SymK.
2. User A shares File F with User B. This action results in the following. User A digitally signs (Root CID File F + User B ID) and encrypts SymK with User B's public key B_PubK. He then sends this to cache server. Cache server saves the entry.
3. User B gets a notification from cache server that File F was shared with him. User B asks the cache server for File F. The server checks to see if the file is encrypted and shared. In this case, it is. The server will send File F along with the encrypted SymK.
4. User B will decrypt SymK and use it to read File F.

Note, in this scheme, user A is unable to revoke permission. In order to somewhat revoke permission, user A will encrypt with new symmetric key on successive edits. Similarly, if user A does not want to "somewwhat" revoke permission, user A must re-use the symmetric key, or share the new one on each successive edit.

Alternative would be for server to implement key management system — essentially, manage keys for shared files.

[clostao]

Wouldn't this require a key pair for every user?

[its-colby]

Yes, it would. We should. Sorry, this shouldn't have been in the TODO just yet. This approach should be confirmed with @jfrank-summit before moving forward. @clostao

This approach is meant to enhance the UX for the sharing of encrypted files