I am setting up a platform whereby data is stored on IPFS and access is then given to some (or in some cases all) users through a front-end UI.

Storing on IPFS is straightforward, as is encrypting.

First I encrypt the file:

```shell
gpg --encrypt --recipient "myUserName" "myVideo.mp4"
```

Then I save the encrypted file:

```shell
ipfs add "myVideo.mp4.gpg"
```

So far so good. Recovering it is easy as is decrypting:

```shell
ipfs cat _hashcode > "myVideo.mp4.gpg"
gpg "myVideo.mp4.gpg"
```

My question, though: that only works if I want to encrypt the file such that only I can decrypt it. How can I allow a certain group of users to access any given file, possibly even ALL users on the platform, but not people outside of the platform?

I know it is possible to set up Groups in the gpg.config file, but I won't know ahead of time who all of the users are that should have access and it may change over time as well.

Can anyone help me with this please?

Thanks!

Philip Rutovitz
  • This is a great use-case, but doesn't really involve IPFS much since (as you've pointed out) IPFS doesn't perform any encryption on the data. The phrase you probably need to search for is "multi signature encryption". There's a question here discussing it: https://crypto.stackexchange.com/questions/85731/multi-signature-encryption-multiple-people-can-decrypt – reelyard Jan 30 '21 at 17:39
  • The `--recipient` option may be specified multiple times. – Peter Feb 01 '21 at 15:14
  • @Peter, that is a great tip! Can I add a recipient at a later date? Can I take a recipient away? – Philip Rutovitz Feb 02 '21 at 14:43
  • I don't know for sure, but that should be no problem, since the data key is just wrapped for each recipient, i.e. re-encryption is a cheap operation and independent of the file size. – Peter Feb 02 '21 at 19:51
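
The repeated `--recipient` option from the comments, shown end to end as an added example that is not part of the original thread: it encrypts one file for a group, inspects which keys can open it, and changes the group by decrypting and encrypting again, which needs only standard gpg commands. The users (alice, bob, carol at example.test), the throwaway keyring and the helper function names are assumptions made for the demo.

```shell
#!/bin/sh
# Constructed demo: throwaway keyring, made-up users, small stand-in for myVideo.mp4.
set -eu
GNUPGHOME=$(mktemp -d); export GNUPGHOME
WORK=$(mktemp -d)
trap 'gpgconf --kill gpg-agent 2>/dev/null || true; rm -rf "$GNUPGHOME" "$WORK"' EXIT

# Unprotected test keys (assumption: real users keep their private keys to themselves).
for u in alice bob carol; do
  gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-generate-key "$u@example.test" default default never
done

# encrypt_for OUT SRC USER... : one ciphertext, one wrapped session key per --recipient.
encrypt_for() {
  ef_out=$1; ef_src=$2; shift 2
  for r in "$@"; do shift; set -- "$@" --recipient "$r"; done
  gpg --batch --yes --quiet "$@" --output "$ef_out" --encrypt "$ef_src"
}

# count_recipients FILE : number of public-key encrypted session key packets in FILE.
count_recipients() {
  gpg --batch --list-packets "$1" 2>/dev/null | grep -c '^:pubkey enc packet:'
}

# has_recipient FILE USER : true if FILE holds a session key wrapped for USER's encryption subkey.
has_recipient() {
  kid=$(gpg --batch --list-keys --with-colons "$2" | awk -F: '$1 == "sub" { print $5; exit }')
  [ -n "$kid" ] || return 2
  gpg --batch --list-packets "$1" 2>/dev/null | grep -q "keyid $kid"
}

# regroup OLD NEW USER... : change the access list by decrypting and encrypting again.
# The plaintext touches disk only inside the private (mode 700) work directory.
regroup() {
  rg_old=$1; rg_new=$2; shift 2
  gpg --batch --yes --quiet --output "$WORK/plain.tmp" --decrypt "$rg_old"
  encrypt_for "$rg_new" "$WORK/plain.tmp" "$@"
  rm -f "$WORK/plain.tmp"
}

printf 'constructed sample payload\n' > "$WORK/myVideo.mp4"
encrypt_for "$WORK/v1.gpg" "$WORK/myVideo.mp4" alice@example.test bob@example.test
# Bob leaves the group, Carol joins: v2 is a new file and would get a new IPFS hash.
regroup "$WORK/v1.gpg" "$WORK/v2.gpg" alice@example.test carol@example.test
echo "v1 recipients: $(count_recipients "$WORK/v1.gpg"), v2 recipients: $(count_recipients "$WORK/v2.gpg")"
```

Re-encrypting only governs the new file: v1 stays retrievable under its old IPFS hash for as long as any node keeps it, and a removed user may already hold the plaintext.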

0 Answers