
Who decides which users can share a file?

Both the user, via their public-private key pair, and the admin, via access-controlled sharing permissions.

Sharing is a cryptographic key exchange that is only possible when the user has received access to the resource key and has the permission to share.

This action is based on the tiCrypt principle: Effective access.

To Remember
  • Sharing is the intersection of who is allowed to share (access control) AND who has the resource key (cryptographic).
  • Each resource is encrypted with randomly generated AES-256 keys.
  • Every resource has its own uniquely generated resource key made of the private key and public key of the user who created it.

When sharing a resource that has its own resource key:

  1. You only decrypt the resource key with your private key.
  2. You encrypt the resource key with the public key of the user you are sharing the resource with.

The two actions above take place simultaneously in tiCrypt.

info

The resource keys apply to all tiCrypt objects:

  • Files
  • Groups
  • Drives, etc.
    • Keys prevent access to the drive.
    • Only the resource owner is allowed to share the resource in the first place.

1. The creator of the file shares the file with you.

  • The backend checks the private key of the user who shared the file to encrypt the shared file.
  • The backend takes your public key and the private key of the user who shared the file and generates a new resource key for you.
  • The backend verifies that you both have sharing permissions active.
  • The backend uses your private key to decrypt the new unique resource key to allow you access to the shared file.

[Figure: File Creator Shares a File with You]

2. You share the file with another user.

  • The backend checks your private key to encrypt the file.
  • The backend takes your private key and the public key of the user you would like to share the file with and generates a new resource key for that user.
  • The backend verifies that you both have sharing permissions active.
  • The backend uses the user's private key to decrypt the new unique resource key to allow them access to the shared file.

[Figure: You Share a File with the File Creator]

Both steps above happen in under 0.1 milliseconds.

  • Resource keys are managed using the public key of the users.

note

  • The private key is never "naked" anywhere in the backend, tiCrypt system, local machine, or in the browser.
  • Keys are kept in memory for the smallest amount of time possible (under 0.1 milliseconds).

caution

You cannot share if you do not have your own public/private keys.
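
The decrypt-then-re-encrypt sharing steps and the effective-access rule described above, as an added example that is not tiCrypt's own code: a generic key-wrapping sketch using Node's built-in crypto module. RSA-OAEP for the user key pairs, AES-256-GCM as the AES mode, and all function and field names (`newUser`, `createResource`, `share`, `open`, `canShare`, `wrappedKeys`) are assumptions made for illustration.

```javascript
// Added illustration, not tiCrypt code. RSA-OAEP and AES-256-GCM are assumed
// algorithm choices; every function and field name here is hypothetical.
const crypto = require("node:crypto");

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

function newUser(name, canShare) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  return { name, canShare, publicKey, privateKey };
}

// Encrypt data under a fresh random AES-256 resource key, wrapped for the owner.
function createResource(owner, plaintext) {
  const resourceKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", resourceKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const wrapped = crypto.publicEncrypt({ key: owner.publicKey, ...OAEP }, resourceKey);
  const wrappedKeys = new Map([[owner.name, wrapped]]);
  return { iv, ciphertext, tag: cipher.getAuthTag(), wrappedKeys };
}

// Effective access: the sharer needs the permission AND a wrapped copy of the key.
function share(resource, from, to) {
  if (!from.canShare || !to.canShare) throw new Error("sharing permission missing");
  const wrapped = resource.wrappedKeys.get(from.name);
  if (!wrapped) throw new Error("sharer does not hold the resource key");
  const resourceKey = crypto.privateDecrypt({ key: from.privateKey, ...OAEP }, wrapped);
  try {
    const rewrapped = crypto.publicEncrypt({ key: to.publicKey, ...OAEP }, resourceKey);
    resource.wrappedKeys.set(to.name, rewrapped);
  } finally {
    resourceKey.fill(0); // keep the unwrapped key in memory as briefly as possible
  }
}

// Recipient side: unwrap the resource key with the private key, then decrypt.
function open(resource, user) {
  const wrapped = resource.wrappedKeys.get(user.name);
  if (!wrapped) throw new Error("no resource key for this user");
  const resourceKey = crypto.privateDecrypt({ key: user.privateKey, ...OAEP }, wrapped);
  const decipher = crypto.createDecipheriv("aes-256-gcm", resourceKey, resource.iv);
  decipher.setAuthTag(resource.tag);
  return Buffer.concat([decipher.update(resource.ciphertext), decipher.final()]);
}
```

The file ciphertext is never re-encrypted when sharing; only a new wrapped copy of the resource key is added for the recipient.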