Sharing sigKeys.privateKey?
Closed this issue · 3 comments
Does sharing the sigKeys.privateKey with the party who is running generateTransformKey leak any information?
I'd like to have person A encrypt data and then let person B receive a userToDeviceTransformKey and do the transformation and decrypt.
If person B has the sigKeys.privateKey could they potentially decrypt the cipher without transforming it?
You don't share the private key - when a party (let's say Bob) generates a new device and runs generateTransformKey, he will have a private encryption for his user key and a public key for the device - these together will be used to compute the transform key. The generated transform key is signed using Bob's private signing key, and his corresponding public signing key is placed in the transform key, so anyone can validate the signature. The signing key pair is distinct from the encryption key pair.
Since the signing key is distinct from the encryption key, obtaining a private signing key will not allow anyone to decrypt any cipher.
When Bob gets a message that was encrypted to his user public key, he can use the transform key to transform the ciphertext to be encrypted to his device's public key, then his device can use it's private encryption key to decrypt the transformed ciphertext.
Hope that helps clarify.
ahh
The signing key pair is distinct from the encryption key pair
is exactly what I needed!
Since the signing key is distinct from the encryption key, obtaining a private signing key will not allow anyone to decrypt any cipher.
Thanks for the clarification @BobWall23