It’s my understanding when it comes to MutableData that public mutable data can be read by anyone and private data only by the owner.
The email example app does something a little differently. It uses public data with only an INSERT permission. Meaning anyone can create a new entry but not edit, delete (read?).
The inbox also contains the public key for the user, presumably meaning when you insert a mail, you should encrypt it using that public key so only the owner of the mailbox can decrypt it.
So we have (in my mind) three scenarios we can do:
- Public Readable
  - Anyone can read this data
  - Anyone can INSERT/UPDATE this data (so long as they have the correct permission)
- Personal Readable
  - Only I can read this data
  - Only I can edit this data
- Personal Readable, Public Insertable
  - Anyone can read this data but only I can decrypt it
  - Anyone can INSERT/UPDATE this data (so long as they have the correct permission)
So my question is how can I share data with a dynamic group of people. Like Facebook (forgive my bad language) you may have five friends who can see your profile, but no one else.
I’m not really sure how you would go about doing this. I think I’m overcomplicating the design in my mind, but would I basically have to encrypt the data five times (one for each friend)?
Would I need to have a list of groups, users and their public keys? Then when anyone posted a message to a group, it would encrypt the message with a random key, then encrypt that key once for each user in the group.
Please tell me I’ve gone too far down the wrong rabbit hole.
TL;DR: How can I share private MutableData with multiple people (but not everyone like public mutable data)?
Thanks
7 Likes
Excuse the long delay, I don’t know how I missed this one.
I’d like to test this out to confirm but it appears that what you propose is the only way to achieve sharing a private MD among exclusive group members.
I’m going to explore this further…
No worries at all. With the amount of work you guys are doing I’ve no idea how you find time to even check the forums. So thanks a lot for everything. Also, Hunter, your YouTube videos were immensely helpful in helping me to understand how the APIs work. Anyway, enough rambling.
Having a key to encrypt the message then encrypting that key with all users is really achievable already using the current APIs and even long term I think it’s still a good option.
My one (possible) problem however is in the above scenario the bigger the private group is the more SafeCoin each post will cost.
So I was wondering (and this is more to do with encryption theory rather than MaidSafe I guess) is there a way to encrypt 1 message so that any of X private keys could decrypt it?
Method One
Example Data:
Private Group (Moderators):
- User 1
  message_keys: [:privateMutableData]
- User 2
  message_keys: [:privateMutableData]
- User 3
  message_keys: [:privateMutableData]
Create a new message
- Encrypt your message using a new secret key
- Find all members of the Moderators group
- Insert the key into the users’ privateMutableData (message_keys)
- Submit the encrypted message as public mutable data
Read a message
- Get the encrypted message
- Look in your message_keys for the key to decrypt
- You now have the unencrypted message
Add a new user
- Find all messages in the Moderators group
- Get the encryption key from your own message_keys for each message
- Submit each key to the new user’s privateMutableData
This is the bit I’m thinking doesn’t scale very well, but is maybe just the cost of a private decentralised system.
Delete a user
- Once a user has been given access to a message, you can never remove their ability to view that message. Since data is never deletable on the safe network? I don’t really see this as a problem, since even with centralised systems if you have access to it once, you could just copy it locally then access it later if your access is removed. The important thing would be once a user is deleted no one sends the message secret to deactivated users.
Method Two (is this possible?)
Example Data:
Private Group (Moderators):
- User 1
  _public_names: MyForumUser1 (PUBLICKEY0000001)
- User 2
  _public_names: MyForumUser2 (PUBLICKEY0000002)
- User 3
  _public_names: MyForumUser3 (PUBLICKEY0000003)
Create a new message
- Find all members of the Moderators group and get their public keys
- Encrypt your message using a new secret key derived from all the public keys above. So any one of the private keys can decrypt the message? Possible???
- Submit the encrypted message as public mutable data
Read a message
- Get the encrypted message and decrypt using your private key
Add a new user
- Find all members of the Moderators group and get their public keys
- Find all messages in the Moderators group
- Decrypt each message and then encrypt it again including the new user’s public key in the algorithm
Again, does this scale well? Or does it scale better than method one?
Delete a user
- Again the same sort of problem as above, but not too worried
Sorry if this is a bit of a messy post. I’m just trying to get some ideas down and maybe it will help someone or they can help me in the future.
4 Likes
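The scheme discussed in the posts above (encrypt the message once with a random key, then wrap that key for each group member, as in Method One), as an added example that is not part of the original thread and does not use SAFE Network APIs. RSA-OAEP key pairs, the member names and the helpers `makeMember`, `sealForGroup`, `openAsMember` and `grantAccess` are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// RSA-OAEP is an assumed stand-in for whatever public-key scheme the users' keys really use.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Constructed sample member with a freshly generated key pair (hypothetical helper).
function makeMember(name) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return { name, publicKey, privateKey };
}

// Encrypt the message once with a fresh AES-256-GCM key, then wrap that key per member.
function sealForGroup(plaintext, members) {
  const contentKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', contentKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const wrappedKeys = new Map();
  for (const m of members) {
    wrappedKeys.set(m.name, crypto.publicEncrypt({ key: m.publicKey, ...OAEP }, contentKey));
  }
  return { iv, ciphertext, tag: cipher.getAuthTag(), wrappedKeys };
}

// A member unwraps their own copy of the content key; anyone without a wrapped key gets null.
function openAsMember(envelope, member) {
  const wrapped = envelope.wrappedKeys.get(member.name);
  if (!wrapped) return null;
  const contentKey = crypto.privateDecrypt({ key: member.privateKey, ...OAEP }, wrapped);
  const decipher = crypto.createDecipheriv('aes-256-gcm', contentKey, envelope.iv);
  decipher.setAuthTag(envelope.tag); // final() throws if the ciphertext or tag was altered
  return Buffer.concat([decipher.update(envelope.ciphertext), decipher.final()]).toString('utf8');
}

// "Add a new user": an existing member re-wraps the key; the ciphertext is not touched.
function grantAccess(envelope, existingMember, newMember) {
  const contentKey = crypto.privateDecrypt(
    { key: existingMember.privateKey, ...OAEP }, envelope.wrappedKeys.get(existingMember.name));
  envelope.wrappedKeys.set(newMember.name,
    crypto.publicEncrypt({ key: newMember.publicKey, ...OAEP }, contentKey));
}
```

The per-member overhead here is one 256-byte wrapped key rather than another copy of the message, and removing a member only means no further keys are wrapped for them; keys already handed out still open the old messages.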