Hi! Here are some of my ideas for that problem: - public key encryption (Algorithms: RSA, ElGamal, ...) read: http://en.wikipedia.org/wiki/Public-key_cryptography You should combine those algorithms with traditional cryptography (i.e. AES) - called hybrid cryptography - secret sharing (Algorithm: Shamir, ...) read: http://en.wikipedia.org/wiki/Secret_sharing , http://en.wikipedia.org/wiki/Shamir's_Secret_Sharing
Idea: Just save your data more than once for every user but with its own (public) key. This mail is short because I am short in time at the moment. Anyway I hope this helps. -- Bernhard J. M. Grün 2008/10/8 David C. Zentgraf <[EMAIL PROTECTED]> > > I'm very interested in this topic. > > I have an application that by it's nature shares "objects" between > multiple participants, each object having different participants. > Since those objects contain sensitive data, I was looking into ways to > encrypt those, so that not even the database admin could see the > content. > > With "traditional" encryption schemes this is very difficult to > realize though, as there's always only one key that can decrypt the > data (would be pointless otherwise). That means for every object a > user is participating in you'd need to store an additional key with > the user's data, which is pointless. > > I haven't yet, in my limited research, found a meaningful way to > encrypt data in a way that allows it to be decrypted with any one of > multiple keys (i.e. the user's password). But I'm no cryptographer by > any means. Are public/private keys a way to do this? > > Chrs, > Dav > > On 8 Oct 2008, at 12:37, titang wrote: > > > > > It sounds good, but what about if the data must be accessible by many > > users. > > For example I want to let 2 users to access the same datas with their > > own passphrase... > > > > Is there a simple way to do that ? > > > > Titang > > > > On Oct 8, 11:03 am, Joel Perras <[EMAIL PROTECTED]> wrote: > >> Simple solution: Generate a pseudo-random string of characters (or > >> let > >> him choose his own passphrase), and use this as a salt to encrypt > >> your > >> data before saving to your database. The passphrase must then be used > >> to retrieve any information from the database. > >> > >> Of course, all of this is completely useless if you don't use SSL for > >> the entire request/response process. > >> > >> -J. > >> > >> On Oct 7, 3:50 am, titang <[EMAIL PROTECTED]> wrote: > >> > >>> Hi, > >>> I would like to encrypt/decrypt data in my application regarding the > >>> following requirements: > >>> - The data will be decrypted by many users. > >>> - I dont want to keep the secret password for decrypting the data of > >>> each users in my application. > >> > >>> Does someone have any idea about how can I do this ? And if there is > >>> something already implemented for the cakephp framework? > >> > >>> There is something pretty good, it is the gnupg project. > http://www.gnupg.org/ > >>> I did my first test by command line on Linux, and it seems really > >>> good. > >>> 1. First i have to generate one public key per users (from an uid > >>> and > >>> a passphrase). > >>> 2. Then i encrypt the data and specify which users can access the > >>> data (by specifying the uid). > >>> 3. And the authorized users can decrypt the data with their own > >>> passphrase > >> > >>> An extension gnupg is available for php. > >>> What about a cakephp behavior using this extension? I think it could > >>> be very useful. > >> > >>> Any suggestions or helps are welcome ! > >> > >>> Thanks > > > > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
