End to End security done right

Mesh/Recrypt is a data level encryption infrastructure that allows encrypted data to be shared with groups of users that change over time.

Previous data level encryption schemes, forced a choice between true end to end encryption (provided by OpenPGP and S/MIME) and the ability to change groups over time (key manager based CRM systems). Mesh/Recrypt provides both benefits at once through use of proxy re-encryption, a form of public key cryptography that uses three keys instead of the usual two.

In traditional public key encryption, the public key is used to encrypt data and the private key is used to decrypt.

In the proxy re-encryption scheme used in Mesh/Recrypt, the public key is used to encrypt data in the exact same way as for two key cryptography but the decryption key is split into two parts. One half of which is held by the recipient and the other half of which is sent to a recryption service:

ToDo Here a Visio diagram of Proxy Re-encryption and the key server

Decrypting encrypted data requires the use of both halves of the key. The recryption service cannot decrypt data because it does not have access to the recipient's half of the decryption key and the recipient can't decrypt the data unless the recryption service performs its half of the work and returns the result to the recipient.

This approach has important benefits:

  • Even a total breach of the recryption service does not result in disclosure of the data unless at least one recipient decryption key is also compromised.
  • Recipients may be added to a recryption group at any time and immediately gain access to all data previously encrypted to the group.
  • If a recipient is removed from a recryption group, the recyption service can deny further access to the data encrypted under that group by refusing recryption requests from that recipient.
  • All access to encrypted data must be mediated through the recryption service. The recryption service may therefore enforce audit and accounting controls, detect and prevent suspicious behavior.

Creating a recryption group.

The meshapp tool is used to create and manage recryption groups. To use the recryption features, the user must first create an account with the recryption service:

account create

Having created her account, Alice can now create (one or more) recyption groups. Alice adds herself to the membership list:

recrypt create

Membership of the recryption group is only necesary to decrypt (read) data. It is not necessary to be a member of the recryption group to encrypt (write).

Bob encrypts a document for the group users:

recrypt encrypt /in=file1.txt

At this point, Mallet cannot read the document because he is not a member. But Alice can add him:

recrypt add

Mallet can now decrypt the document:

recrypt decrypt /in=file1.txt.mmx  /out=file1m.txt

Remembering that Mallet is always the baddie, Alice removes him from the group:

recrypt delete

Mallet cannot decrypt the document again but he may still have access if he saved the copy he decrypted earlier:

recrypt decrypt /in=file1.txt.mmx  /out=file1f.txt