I love the idea of the access to a file to be limited by time. My question is how the time limitations are enforced. Does the file get encrypted again with a new key that is bound by time, or is it simply not able to get the data to reconstruct the file like a firewall?
The answer to that will determine how I use that feature. Any help will be awesome.
Hi @fzero,
From my understanding once the access grant has expired the satellite limits access to the file for only that specific access grant (using the analogy you mention it would be like a firewall). The file is not re-encrypted, as multiple access grants can be set to provide independent access to the same file without the originally uploaded file being changed.
It makes sense that the satellites would control access and allowing multiple definitely seems to add color. Which I guess reveals the root question: How can an end-to-end encrypted file be shared without having it’s private key known?
I’m not sure I understand. It would be worth reading this to check your understanding - Edge base privacy
One of the important answers for your question being…
The most important thing to understand about Access Grants is, even though an Access Grant contains a serialized encryption key encapsulated in the Access Grant, that encryption key is NEVER passed to a Satellite.
Yea, that page is what didn’t quite get me to full understanding. However, after noodling, maybe this explains it. Does “sharing” a file generate a new private key that can unlock the file from the private key owned by the person requesting the file to be shared? Thus making it true that all files are some form of multi-private-key system?
I think I have it, can someone confirm this is true: Every file uses a unique hierarchical/deterministic private key to encrypt it. When you share a file, that key is re-constituted and bundled up inside a grant. You give that grant to the entity who should have access. When they ask for the file, they only send the information needed to retrieve the file, and if allowed, they get the encrypted asset. Since the requester has the key for that file, they can open it.
It doesn’t have to, but it can. The architecture allows you to use an own encryption phrase (even not a key, the key is derived from the encryption phrase) for every single file, just not convenient from the management point of view.
I think you will be interested in