Mesh/Recrypt is a data level encryption infrastructure that allows encrypted data to be shared with groups of users that change over time.
Previous data level encryption schemes forced a choice between true end-to-end encryption (provided by OpenPGP and S/MIME) and the ability to change group membership over time (key manager based CRM systems). Mesh/Recrypt provides both benefits at once through the use of proxy re-encryption, a form of public key cryptography that uses three keys instead of the usual two.
In traditional public key encryption, the public key is used to encrypt data and the private key is used to decrypt.
In the proxy re-encryption scheme used in Mesh/Recrypt, the public key is used to encrypt data in exactly the same way as in two key cryptography, but the decryption key is split into two parts: one half is held by the recipient and the other half is sent to a recryption service:
[ToDo: Visio diagram of proxy re-encryption and the key server goes here]
Decrypting encrypted data requires the use of both halves of the key. The recryption service cannot decrypt data because it does not have access to the recipient's half of the decryption key, and the recipient cannot decrypt the data unless the recryption service performs its half of the work and returns the result to the recipient.
This approach has important benefits:
The meshapp tool is used to create and manage recryption groups. To use the recryption features, the user must first create an account with the recryption service:
account create email@example.com
Having created her account, Alice can now create one or more recryption groups. Alice adds herself to the membership list:
recrypt create firstname.lastname@example.org email@example.com
Membership of the recryption group is only necessary to decrypt (read) data; it is not necessary to be a member of the recryption group to encrypt (write).
Bob encrypts a document for the group users:
recrypt encrypt firstname.lastname@example.org /in=file1.txt
At this point, Mallet cannot read the document because he is not a member. But Alice can add him:
recrypt add email@example.com firstname.lastname@example.org
Mallet can now decrypt the document:
recrypt decrypt /in=file1.txt.mmx /out=file1m.txt
Remembering that Mallet is always the baddie, Alice removes him from the group:
recrypt delete email@example.com firstname.lastname@example.org
Mallet can no longer decrypt the document, but he may still have access to it if he saved the copy he decrypted earlier:
recrypt decrypt /in=file1.txt.mmx /out=file1f.txt
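The following is an added example, not Mesh/Recrypt's own code, modelling the split-key mechanism described above and the add/remove walkthrough: the group's private key is split into a member half and a service half so that neither party can decrypt alone, and deleting a member is just the service discarding its half. It assumes a constructed toy Diffie-Hellman group (a small Mersenne prime, far too weak for real use) and an unauthenticated hash keystream in place of a real content cipher; the names create_group, RecryptionService, encrypt and member_decrypt are illustrative, not meshapp API.

```python
"""Toy model of the split-key proxy re-encryption described above (added example,
not Mesh/Recrypt code). Constructed toy group and unauthenticated hash keystream:
only the key-splitting logic is the point."""
import hashlib
import secrets

P = 2**127 - 1   # toy Mersenne prime (constructed parameter, far too small for real use)
G = 2
ORDER = P - 1    # exponents reduce mod p-1, so g^(xs + xm) = g^x for any split

def create_group():
    """Alice creates a group: returns (public key, master private key)."""
    x = secrets.randbelow(ORDER - 1) + 1
    return pow(G, x, P), x

class RecryptionService:
    """Holds one key half per member; deleting a member discards that half."""
    def __init__(self):
        self.halves = {}

    def add(self, member, group_private):
        member_half = secrets.randbelow(ORDER - 1) + 1        # fresh split per member
        self.halves[member] = (group_private - member_half) % ORDER
        return member_half                                      # handed to the member only

    def delete(self, member):
        self.halves.pop(member, None)

    def recrypt(self, member, ephemeral):
        """Service half of the work: g^(e*xs). Useless without the member's half."""
        if member not in self.halves:
            raise PermissionError(f"{member} is not a group member")
        return pow(ephemeral, self.halves[member], P)

def _xor(data, key):
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def encrypt(group_public, plaintext):
    """Writer encrypts with the public key alone; membership is not needed."""
    e = secrets.randbelow(ORDER - 1) + 1
    key = hashlib.sha256(pow(group_public, e, P).to_bytes(16, "big")).digest()
    return pow(G, e, P), _xor(plaintext, key)

def member_decrypt(member_half, ephemeral, service_part, ciphertext):
    """Member combines halves: g^(e*xs) * g^(e*xm) = g^(e*x), then derives the key."""
    shared = service_part * pow(ephemeral, member_half, P) % P
    key = hashlib.sha256(shared.to_bytes(16, "big")).digest()
    return _xor(ciphertext, key)
```

Once Mallet's half is deleted from the service he can no longer obtain the partial result he needs, which is exactly why the copy he decrypted earlier is the only residual exposure.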