This topic contains 5 replies, has 2 voices, and was last updated by Robert M 6 months, 2 weeks ago.
May 20, 2016 at 07:03 #3138
It sounds like AxCrypt is supporting some kind of asymmetric encryption scheme to make file sharing possible without the need to share passwords. That’s a good thing! Is this functionality available only to paid subscribers? Are people using the free version able to encrypt/decrypt only for themselves?
Thanks.May 20, 2016 at 07:32 #3139
You are correct. This is one of the major reasons we have adopted the ‘sign in’ metaphor. When you register you get what we call an ‘AxCrypt ID’. In fact this is a RSA-4096 key pair generated on the server. The public key is available from the server via a public REST API. The private key is kept in an AxCrypt-encrypted form, using the sign in password, on the server for backup.
Actual file encryption is done by generating a strong pseudo-random 128 or 256 bit (if the user has Premium) session key, unique for every file and file encryption. This key is then encrypted iteratively (wrapped) using the sign in password, the sign in public key, and any other persons public key that the file key should be shared with. The set of public keys used are also embedded in the file, so it can be re-encrypted without further server interaction.
In order to do server lookups of other persons public keys, Premium is required. Anyone with AxCrypt, Free or Premium, can always decrypt and work with encrypted files, regardless of the encryption strength or if it uses key sharing. We’ll never lock anyone out of their data because Premium has expired.
I hope this explains! We’ll be publishing full specifications of the file format, and the protocols used. The API is already public, but we have not yet made documentation available. It’s use can of course be inferred from the source code, or simply to use the open source library is the easiest way though. The only reason we’ve not yet published text documentation is just time constraints, and that we’d like to keep the capability to evolve it a little longer.
SvanteMay 20, 2016 at 16:51 #3142
Thanks for your helpful reply.
I want to be sure I understand. If using the free version, you can import someone else’s public key, provided that person exports their key to a text file and sends it to you? And you can then encrypt files to both yourself and this person (“share”)? It sounds like you’re saying that with Premium, you have the additional capability of obtaining keys from the server. Sorry if this question seems redundant.May 20, 2016 at 17:03 #3146
Currently you can indeed import/export public keys with the Free version. Not sure how long we’ll retain that functionality. Not because we want to squeeze folks for their money, but because it offers too many ways to get into trouble. These features are there right now mostly because they were used during development. Most likely we’ll retain them but in an ‘Advanced’ mode preceded by various disclaimers and mostly for situations where Internet access is not possible at all.
With Premium, you obtain the public key using the recipient’s e-mail address and the simple “Key Sharing” dialog. Pretty foolproof and simple, is the idea. Also, with this feature you can actually do this before the recipient has even signed up, as we’ll generate a key pair and encrypt it temporarily with a server-based machine-key until the recipient completes the signup process and sets his or her personal password.
SvanteMay 20, 2016 at 17:28 #3148
I think I understand now!
I encourage you to retain the ability for free-version users to import and export keys! The cost of Premium is reasonable and I have no problem paying for the service. But I may need to share files with a person who is unwilling to pay for encryption! I would hope that I could send this person my public key so he/she could likewise share with me.
Thanks again. No reply is needed.May 20, 2016 at 17:33 #3150
No reply necessary, but I’d still like to add one thing.
If you have Premium, you can share with any number of others, and they can work with the documents you have shared the key for. They just can’t create a new document and share with you without Premium.
Thanks for all the input!