1

I am a currently analyzing the available Cloud services allowing End-To-End Encryption for file sharing. It looks like, for each solution I found, if Alice wants to send an encrypted file to Bob, she will have to trust the server when she will ask for Bob's public key, in order to send him the "file key" securely.

My question is : how is the key authenticated ?

If the key is not "authenticated" and the server is corrupted, then nothing prevent Man In The Middle : the server sends his own public key, get the file key, re-encrypt the file key with Bob's public key and send it to Bob.

JeanJean
  • 13
  • 2

1 Answers1

1

In the solution that you describe, the service acts as a CA of sorts, validating for Alice that the public key purported to belong to Bob is in fact Bob's.

For further verification, some end-to-end encrypted file sharing services (e.g. encryptedsend.com) provide a means for Alice to verify Bob's public key, through some out-of-band method, such as phone, SMS, etc.

mti2935
  • 21,098
  • 2
  • 47
  • 66
  • Thank you for you answer. This implies a huge trust in the server for each services not providing us a mean to check the identity out-of-band or, at least, outside the service itself. – JeanJean Jul 29 '20 at 17:30
  • Yes, and in addition to that, you need to trust that the code that the server serves (to do the crypto in-browser) is secure. If you can't trust the server with your secrets, then how can you trust the server to serve secure code? This is the 'chicken and egg' problem with browser crypto. See https://security.stackexchange.com/questions/177242/end-to-end-encryption-on-top-of-https-tls – mti2935 Jul 29 '20 at 17:46