I would like to share documents within groups and make sure that the member of each group can only access the documents shared in his/her group.
Situation:
There are 5 participants (A, B, C, D). There are two groups (blue: A, B, D, red: D, C). A and B can only see blue documents (like Document_1) and C can only see red documents (like Document_2). D can see documents shared in both groups.
Approach: The following approach is close to the approach in Tom Leek's answer and is close to OpenPGP. This approach is taken because it scales to groups with many users.
Example for blue group:
- A generates a key pair. Public key: pk_a. Private/secret key: sk_a
- B generates key pair pk_b, sk_b
- C generates key pair pk_c, sk_c
- pk_a, pk_b, pk_c are posted to a key server, visible to the public
- A (or any member of the blue group) generates a synchronous key s1
- A calculates pk_b(s1) (s1 encrypted with pk_b) and pk_c(s1).
- A posts pk_b(s1) and pk_c(s1) to the server
- B and C can now take those values and decrypt them using their sk
- A, B, C now know S1 and can share data within the blue group
- If they are posting data in the blue group, they can use their sk to indicate to the others that it was really sent by them
- We do the same for the red group with the synchronous key S2
This approach was simplified. In reality we would also make sure that each of the users indeed received the correct synchronous key (consider that A could be compromised and try to exclude B from the blue group).
Problem: D has the S1 and S2. D can communicate both in the red and the blue group. How can we make sure that D is not giving S1 to C?
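Added example (not part of the original question): a standard-library sketch of the key distribution described above, using the memberships from the "Situation" paragraph (blue: A, B, D; red: D, C). It swaps OpenPGP public-key encryption for an ElGamal-style Diffie-Hellman wrap over a demonstration group; `keygen`, `wrap`, `unwrap` and `demo` are hypothetical names, and the last step shows that the scheme itself cannot tell D's legitimate copy of S1 from one that D re-wraps for C.

```python
import hashlib, hmac, secrets

# Demonstration group only (assumption of this example): 2**521 - 1 is a
# Mersenne prime. Real deployments use vetted parameters from a crypto library.
P, G = 2**521 - 1, 3

def keygen():
    sk = secrets.randbelow(P - 3) + 2
    return pow(G, sk, P), sk                      # (pk, sk)

def _kdf(shared, label):
    return hashlib.sha256(label + shared.to_bytes(66, "big")).digest()

def wrap(pk, group_key):
    """pk(s): wrap a 32-byte group key so only the holder of sk recovers it."""
    eph_pk, eph_sk = keygen()
    shared = pow(pk, eph_sk, P)
    ct = bytes(a ^ b for a, b in zip(group_key, _kdf(shared, b"enc")))
    tag = hmac.new(_kdf(shared, b"mac"), ct, hashlib.sha256).digest()
    return eph_pk, ct, tag

def unwrap(sk, blob):
    eph_pk, ct, tag = blob
    shared = pow(eph_pk, sk, P)
    expect = hmac.new(_kdf(shared, b"mac"), ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("wrapped key is not addressed to this private key")
    return bytes(a ^ b for a, b in zip(ct, _kdf(shared, b"enc")))

def demo():
    users = {n: keygen() for n in "ABCD"}         # constructed participants
    key_server = {n: pk for n, (pk, _) in users.items()}
    groups = {"blue": ["A", "B", "D"], "red": ["D", "C"]}
    creator = {"blue": "A", "red": "D"}           # any member may create the key
    posted, held = {}, {n: {} for n in users}
    for g, members in groups.items():
        s = secrets.token_bytes(32)               # the group's shared key (S1 / S2)
        held[creator[g]][g] = s
        for m in (x for x in members if x != creator[g]):
            posted[(g, m)] = wrap(key_server[m], s)
    for (g, m), blob in posted.items():           # each member unwraps their copy
        held[m][g] = unwrap(users[m][1], blob)
    try:                                          # C cannot open B's wrapped copy
        unwrap(users["C"][1], posted[("blue", "B")]); c_opened = True
    except ValueError:
        c_opened = False
    # The problem in the question: D holds S1 in the clear and can wrap it for C.
    leaked = unwrap(users["C"][1], wrap(key_server["C"], held["D"]["blue"]))
    return held, c_opened, leaked
```

Calling `demo()` returns the keys each participant ends up holding, whether C could open a copy addressed to B, and the key C obtains once D re-wraps S1.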