Who decides which users can share a file?
The user via their public-private key pair and the admin via access-controlled sharing permissions.
Sharing is a cryptographic key exchange only possible when the user receives access to the resource key and has the permission to share.
This action is based on the tiCrypt principle: Effective access.
To Remember
- Sharing is the intersection of who is allowed to share (access control) AND who has the resource key. (cryptographic).
- Each resource is encrypted with randomly generated AES-256 keys.
- Every resource has its own uniquely generated resource key made of the private key and public key of the user who created it.
When sharing a resource which has its resource key:
- You only decrypt the resource key with your
private key
. - You encrypt the resource key with the user's
public key
you share the resource with.
The two actions above take place simultaneously in tiCrypt.
info
The resource keys apply to all tiCrypt objects:
- Files
- Groups
- Drives, Etc.
- Keys prevent access to the drive.
- Only the resource owner is allowed to share the resource in the first place.
1. The creator of the file shares the file with you.
- The backend checks the user who shared the file's
private key
to encrypt the sharing file. - The backend takes your
public key
and the user who shared the file'sprivate key
and generates a newresource key
for you. - The backend verifies that you both have
sharing permissions
active. - The backend uses your
private key
to decrypt the new uniqueresource key
to allow you access to the shared file.
2. You share the file with another user.
- The backend checks your
private key
to encrypt the file. - The backend takes your
private key
and the user'spublic key
you would like to share the file with and generates a newresource key
for the user. - The backend verifies that you both have
sharing permissions
active. - The backend uses the user's
private key
to decrypt the new uniqueresource key
to allow them access to the shared file.
Both steps above happen under 0.1 milliseconds.
- Resource keys are managed using the
public key
of the users.
note
- The private key is never "naked" anywhere in the backend, tiCrypt system, local machine, or on the browser.
- Keys are kept in memory for the smallest amount of time possible (under 0.1 milliseconds).
caution
You cannot share if you do not have your own public/private keys.