Well, please let me rephrase my question. I need an access control like AFS, where a user can encrypt a file, put it in a public place (e.g., http), and only the users/groups he specifies can decrypt it (without directly sending his public key to the receivers).

I guess some trusted party (Authentication Server) needs to exist in the middle to handle this, and this party holds the identity of all the users (e.g. the CA who gives all the users certificates).

One possible procedure: when B sees a file online, it will ask the Authentication Server for the key to decrypt this file. The Authentication Server will see if A has let B see this file; if yes, send B the key; if no, deny it.

Is there anything similar to this? Or is this idea totally idiotic and this should be handled in some other way?

Thanks a lot!

-Yushu

On Mon, Sep 21, 2009 at 8:03 PM, Yushu Yao <[email protected]> wrote:

> Hi Experts,
>
> Just a general question about encryption.
>
> Assuming a CA has issued 2 users (A and B) valid certificates.
>
> Can A encrypt a file and specify that only B can read it? If yes, how
> could this be done? If no, any alternate way to do this?
>
> Also, what if A encrypts a file and wants a group of users (who have valid
> certificates from the same CA) to be able to read it?
>
> Thanks a lot!
>
> -Yushu
>
> +-------------------------------------------------+
> | Yushu Yao
> | Ph:1-510-486-4690
> |
> | Lawrence Berkeley National Lab
> | Mailstop 50B-6222
> | 1 Cyclotron Road
> | Berkeley CA 94720-8147 - USA
> +-------------------------------------------------+
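The key-release procedure described in the message above, as an added example that is not part of the original e-mail: A registers a file with a trusted server, publishes only the ciphertext, and the server hands the per-file key to users or group members A listed. `KeyServer`, `seal` and `unseal` are hypothetical names, the caller is assumed to be already authenticated (for instance by its CA-issued certificate), and the HMAC-based cipher is a standard-library stand-in for a real AEAD such as AES-GCM.

```python
import hashlib, hmac, secrets

def _derive(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stdlib-only stand-in for a real AEAD such as AES-GCM: HMAC-SHA256 in counter mode.
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    """Encrypt-then-MAC under the per-file key; the result is what A publishes."""
    nonce = secrets.token_bytes(16)
    body = nonce + _xor_stream(_derive(key, b"enc"), nonce, plaintext)
    return body + hmac.new(_derive(key, b"mac"), body, hashlib.sha256).digest()

def unseal(key, blob):
    body, tag = blob[:-32], blob[-32:]
    expected = hmac.new(_derive(key, b"mac"), body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified file")
    return _xor_stream(_derive(key, b"enc"), body[:16], body[16:])

class KeyServer:
    """Hypothetical trusted party: stores per-file keys and the owner's access list."""
    def __init__(self, groups):
        self.groups = groups   # group name -> set of user names
        self.files = {}        # file id -> (key, owner, allowed users, allowed groups)

    def register(self, owner, users=(), groups=()):
        file_id, key = secrets.token_hex(8), secrets.token_bytes(32)
        self.files[file_id] = (key, owner, set(users), set(groups))
        return file_id, key

    def request_key(self, user, file_id):
        # `user` is assumed to be already authenticated, e.g. by the CA-issued certificate.
        key, owner, users, groups = self.files.get(file_id, (None, None, set(), set()))
        in_group = any(user in self.groups.get(g, ()) for g in groups)
        if key is None or not (user == owner or user in users or in_group):
            raise PermissionError("denied")   # same answer for unknown file and no access
        return key

if __name__ == "__main__":
    server = KeyServer({"physics": {"carol"}})          # constructed sample data
    fid, k = server.register("A", users={"B"}, groups={"physics"})
    blob = seal(k, b"constructed sample contents")
    print(unseal(server.request_key("carol", fid), blob))
```

In this design the server can read every registered file, so it has to be trusted with the keys as well as with the access decision.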
