How to encrypt data and make it accessible to specific address

+1 vote


Would you please give more details about encrypting data and making it readable by a specific address? I saw this example in your blog post:

  1. One stream is used by participants to distribute their public keys for any public-key cryptography scheme.
  2. A second stream is used to publish data, where each piece of data is encrypted using symmetric cryptography with a unique key.
  3. A third stream provides data access. For each participant who should see a piece of data, a stream entry is created which contains that data’s secret key, encrypted using that participant’s public key
But I can't imagine how you use it in real world. Could you give an example please ?
I'm trying to save encrypted data in multichain and transfer the secret key via multichain transactions to allow the receiver to decrypt and access the data. Is that scenario feasible with multichain?
Thank you. 
asked Jan 1, 2017 by anonymous

1 Answer

0 votes

You can start by using the openssl command line tool (or library if you're using a scripting language like PHP). Each user generates an RSA key pair and publishes the public key in stream 1. For more detailed instructions, use Google or see this example that we found:

In terms of symmetric encryption, for each item generate a secret key (say from a random alphanumeric string) and you can then use a method like this to perform the encryption before embedding in stream 2.

Finally, use users' public keys (from stream 1) to encrypt the secret key for each item for publishing in stream 3:

The same openssl rsautl can be used with other options for decryption. See the manual page:

answered Jan 2, 2017 by MultiChain
Thank you for your detailed response and openssl usage, however I still don't see how the user (a blockchain address) could access data using these 3 streams !!

How to make the secret key available only to a specific user / address ?

There are various options. For example, when posting an encrypted key for a particular user in stream 3, you can use the address of that user as the key of the stream item. Then each user can retrieve only those encoded passwords which are relevant to it, by using liststreamkeyitems. If you don't want to publicize who is receiving these keys to everyone on the chain, you can also leave the keys of the third stream empty. Then every user has to retrieve every item from the third stream, and test whether they can decrypt it with their private key or not.
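The three-stream scheme from the answer, worked through end to end with the openssl command line. This is an added example, not MultiChain's own code: the streams are simulated as directories, the user names, item ids and file layout are constructed for the demo, and the item key is wrapped with `openssl pkeyutl` using OAEP padding (the current replacement for `rsautl`). The recipient's address is used as the stream-3 item key, so a reader only looks at its own items; a user with no stream-3 entry cannot recover the item key.

```shell
#!/bin/sh
# Simulated MultiChain streams: stream1/ (public keys), stream2/ (encrypted
# items), stream3/<recipient>/ (item keys wrapped per recipient).
# All names and paths below are constructed for this demo.
set -u
WORK=$(mktemp -d)
mkdir -p "$WORK/stream1" "$WORK/stream2" "$WORK/stream3"

# Stream 1: each participant publishes an RSA public key; the private key
# never leaves the participant's machine.
publish_pubkey() {  # $1 = user/address
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/$1.priv.pem" 2>/dev/null
    openssl pkey -in "$WORK/$1.priv.pem" -pubout -out "$WORK/stream1/$1.pub.pem"
}

# Stream 2: encrypt one item under a fresh random AES-256 key and print the
# hex key for the publisher. The IV is not secret and is stored alongside.
publish_data() {  # $1 = item id, $2 = plaintext
    key=$(openssl rand -hex 32); iv=$(openssl rand -hex 16)
    printf '%s' "$2" | openssl enc -aes-256-cbc -K "$key" -iv "$iv" \
        -out "$WORK/stream2/$1.enc"
    printf '%s' "$iv" > "$WORK/stream2/$1.iv"
    printf '%s' "$key"
}

# Stream 3: wrap the item key with one recipient's public key (RSA-OAEP),
# filed under the recipient's address as the stream item key.
grant_access() {  # $1 = item id, $2 = recipient, $3 = hex item key
    mkdir -p "$WORK/stream3/$2"
    printf '%s' "$3" | openssl pkeyutl -encrypt -pubin \
        -inkey "$WORK/stream1/$2.pub.pem" -pkeyopt rsa_padding_mode:oaep \
        -out "$WORK/stream3/$2/$1.keyenc"
}

# Reader: look up its own stream-3 item (what liststreamkeyitems would
# return), unwrap the item key, then decrypt the stream-2 payload.
# Returns non-zero when no grant exists for this user.
read_data() {  # $1 = user, $2 = item id
    wrapped="$WORK/stream3/$1/$2.keyenc"
    [ -f "$wrapped" ] || return 1
    key=$(openssl pkeyutl -decrypt -inkey "$WORK/$1.priv.pem" \
        -pkeyopt rsa_padding_mode:oaep -in "$wrapped") || return 1
    openssl enc -d -aes-256-cbc -K "$key" -iv "$(cat "$WORK/stream2/$2.iv")" \
        -in "$WORK/stream2/$2.enc"
}

publish_pubkey alice; publish_pubkey bob
K=$(publish_data doc1 "quarterly figures")
grant_access doc1 bob "$K"   # only bob is granted doc1; alice is not
```

Publishing the same wrapped key under an empty stream key instead of the recipient's address gives the "everyone tries to decrypt" variant described in the reply; the code path is identical except for where the item is filed.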