Timeline for Zero server knowledge encryption for media server
Current License: CC BY-SA 4.0
5 events
| when | what | | by | license | comment |
|---|---|---|---|---|---|
| Sep 13, 2019 at 8:34 | comment | added | user163495 | | You can let the user generate a public+private key pair and store the private key as a file on your client. Depending on the OS, there may even be a built-in way to do this. As for authentication, yes, use PBKDF2 or any other KDF (Argon2 is a good recommendation) and store that hash. |
| Sep 13, 2019 at 8:29 | comment | added | mpen | | Hmm, I don't think that meets my requirements for not making the user keep a key. What do you mean by "traditional authentication scheme"? Just rely on HTTPS to keep the password safe? |
| Sep 13, 2019 at 8:10 | comment | added | user163495 | | The private key always remains with the user. It never leaves their machine. This is the essence of public-key cryptography. And if the client is supposed to encrypt the file with the FEK, then the client needs all the logic for this as well. |
| Sep 13, 2019 at 8:08 | comment | added | mpen | | I don't see any reason the client can't generate the FEK. The reason I keep it on the server is so that the user doesn't have to hold on to it. I want it so that the only thing they need is their username+password. If they can remember those 2 things, they're good. With your scheme, where is the private key stored? |
| Sep 13, 2019 at 7:57 | history | answered | user163495 | CC BY-SA 4.0 | |