encryption - How does Mega's encryption work for sharing?

Tags: encryption aes

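I have a few questions about finding a way to implement encryption of arbitrary data that can be shared with multiple recipients. Mega seems to do exactly that. As far as I know, it encrypts the data before it is uploaded to the web server. It is still possible to share that file with others. How is that done with the encryption?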

Imagine the following scenario:

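  • User Alice uploads a file to the server, and it is being encrypted
  • Alice wants to share that file with Bob and Dave. How can Bob and Dave access the file and see its original content (decrypted)?

Best answer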

    How is that done with the encryption?


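    The answer is a symmetric-key algorithm. Mega utilizes in-browser symmetric key encryption provided by HTML5. See the question "What encryption algorithms does MEGA use internally?" below.
    As onemouth said, your data glob is encrypted with a master key.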

    Every user also has a public/private key pair. And every file is encrypted under different session key. Session keys are encrypted under user's master key.


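    Understanding how it all works means looking at all the components and seeing how they interoperate. Mega explains the process of encrypting symmetric/shared keys on their website:
    (embedded links and emphasized text in the quoted text were added by me)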

    What encryption algorithms does MEGA use internally?

    For bulk transfers, AES-128 (we believe that the higher CPU utilization of AES-192 and AES-256 outweighs the theoretical security benefit, at least until the advent of quantum computers). Post-download integrity checking is done through a chunked variation of CCM, which is less efficient than OCB, but not encumbered by patents.

    For establishing shared secrets between users and dropping files into your inbox, RSA-2048 (the key length was chosen as middle grounds between "too insecure" and "too slow"). All encryption, decryption and key generation is implemented in JavaScript, which limits throughput to a few MB/s and causes significant CPU load. We are looking forward to the implementation of the proposed HTML5 WebCrypto API in all major browsers, which will eliminate this bottleneck. JavaScript's built-in random number generator is enhanced through a mouse/keyboard timing-driven RC4 entropy pool as well as crypto.* randomness where available (Chrome and Firefox only at the moment - keys generated by Internet Explorer and Safari are less secure than they could be).

    How does folder sharing work?

    You can share any subtree of your cloud drive with friends, family or coworkers. Invitation is by e-mail address. Invitees who do not have an account yet will receive an e-mail notification with a signup link. Alternatively, you can create a public link to any of your folders and export the folder-specific crypto key, making it accessible without a MEGA account. It is then your responsibility to securely transmit the folder key to the recipient(s).

    To establish, modify or delete a share, simply right click on a folder in your file manager and select Sharing. There are three access levels: Read-only, read/write (files can be added, but not deleted), and full (files can be added and deleted). If you added an e-mail address that did not have an account yet, you need to be online at least once after the recipient completes the signup process so that you can encrypt the share secret to his newly created public key.

    Is data that I put in shared folders as secure as my other data?

    Shared folders, by nature, are only as secure as their least secure member.


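    Instead of having only one master key, you now have another key that you have delegated to X people. Your security is as significant as your trust in those X people.
    Each file on Mega has a unique ID. So if the credentials are:
    fileId=Abc123Ab
    shareKey=abcdefghijklmnopqrstuvwxyz0123456789ZYXWVUT
    https://mega.co.nz/#!fileId!shareKey

    Attempting to download
    https://mega.co.nz/#!fileId

    will result in a download of the encrypted file. The file cannot be decrypted unless the user has the shared decryption key. How you get the "shareKey" to someone is up to you. But anyone with access to that shareKey can decrypt the downloaded file, so sending the full URL via e-mail or another unencrypted medium is a bad idea. Once a shareKey has been generated (by "Get Link" in the webapi), it cannot be changed.
    Additionally,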

    However, a compromise of our core server infrastructure poses an additional risk: Public keys could be manipulated, and key requests could be forged.


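    What they are saying is that, because of the individual threat of individual private keys being compromised, the security concerns that arise without sharing enabled are increased.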

    Is my stored data absolutely secure?

    All security is relative. The following attack vectors exist - they are not specific to MEGA, but we want you to know about the risks:

    Individual accounts are jeopardized by:

    • Spyware on your computer. A simple keylogger is enough, but session credentials and keys could also be extracted from memory or the filesystem.
    • Shoulder surfing. Do not type your password while someone could watch your keystrokes.
    • Password brute-forcing. Use strong passwords.
    • Phishing. Always confirm the security status of your connection (https://) and the correct domain name (mega.co.nz) before entering your password.

    Large-scale attacks could be mounted through:

    • A "man in the middle" attack. Requires issuing a valid duplicate SSL certificate in combination with DNS forging and/or attacks on our BGP routes (a DigiNotar-style scenario).
    • Gaining access to the webservers hosting https://mega.co.nz/index.html and replacing that file with a forged version (this would not affect access through the installed app base). Note that manipulating content on our distributed static content CDN does not pose a security risk, as all active content loaded from index.html is subject to verification with a cryptographic hash (think of it as some kind of "secure boot" for websites). This type of attack requires sending malicious code to the client and is therefore detectable.
    • Gaining access to our core server infrastructure and creating forged key requests on existing shares. This type of attack only affects data in accounts with shared folders and is detectable on the client side as well.

    Additionally, not all data is private, and most user-identifying information is stored unencrypted.

    Is all of my personal information subject to encryption?

    No. Only file data and file/folder names are encrypted. Information that we need operational access to, such as your e-mail address, IP address, folder structure, file ownership and payment credentials, are stored and processed unencrypted. Please see our privacy policy for details.


    More details can be found in their API documentation at https://mega.co.nz/#doc

    12.2 Cryptography

    All symmetric cryptographic operations are based on AES-128. It operates in cipher block chaining mode for the file and folder attribute blocks and in counter mode for the actual file data. Each file and each folder node uses its own randomly generated 128 bit key. File nodes use the same key for the attribute block and the file data, plus a 64 bit random counter start value and a 64 bit meta MAC to verify the file's integrity. Each user account uses a symmetric master key to ECB-encrypt all keys of the nodes it keeps in its own trees. This master key is stored on MEGA's servers, encrypted with a hash derived from the user's login password. File integrity is verified using chunked CBC-MAC. Chunk sizes start at 128 KB and increase to 1 MB, which is a reasonable balance between space required to store the chunk MACs and the average overhead for integrity-checking partial reads. In addition to the symmetric key, each user account has a 2048 bit RSA key pair to securely receive data such as share keys or file/folder keys. Its private component is stored encrypted with the user's symmetric master key.

    12.3 Shared folders

    The owner of the folder is solely responsible for managing access; shares are non-transitive (shares cannot be created on folders in incoming shares). All participants in a shared folder gain cryptographic access through a common share-specific key, which is passed from the owner (theoretically, from anyone participating in the share, but this would create a significant security risk in the event of a compromise of the core infrastructure) to new participants through RSA. All keys of the nodes in a shared folder, including its root node, are encrypted to this share key. The party adding a new node to a shared folder is responsible for supplying the appropriate node/share-specific key. Missing node/share-specific keys can only be supplied by the share owner.

    12.4 Unauthenticated delivery

    MEGA supports secure unauthenticated data delivery. Any fully registered user can receive files or folders in their inbox through their RSA public key.


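    Ultimately, you are trusting their javascript code, which is verified as authentic by HTTPS. You are then trusting that your javascript engine (web browser) handles the transaction correctly. Finally, you are trusting that your operating system does not allow other running processes to sniff the unencrypted private key out of RAM (see https://nzkoz.github.io/MegaPWN/ ).
    There are certainly precautions to take along the way, but it is one of the best options currently available. You can always encrypt your files with GPG before uploading to Mega to mitigate some of the issues above.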

    Regarding encryption - How does Mega's encryption work for sharing?, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/18346054/
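
The key hierarchy quoted in the answer above (a random key per file, a common share key, and RSA delivery of the share key to each participant), as an added example that is not part of the original answer and not MEGA's code. Assumptions: Node.js `crypto` stands in for the browser, AES-GCM key wrapping replaces the ECB wrapping the quoted documentation describes, RSA-OAEP is assumed because the page gives only the key size, the chunked MAC is omitted, and all function names are hypothetical.

```javascript
// Added example (not MEGA's code): share one encrypted file with several recipients.
const nodeCrypto = require('node:crypto');

// Wrap a 16-byte key under another AES-128 key. AES-GCM is a substitution here;
// the documentation quoted above describes ECB for key wrapping.
function wrapKey(kek, key) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-128-gcm', kek, iv);
  const ct = Buffer.concat([c.update(key), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}

function unwrapKey(kek, blob) {
  const d = nodeCrypto.createDecipheriv('aes-128-gcm', kek, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws if tampered
}

// File data: AES-128-CTR, 64-bit random counter start value (upper half of the IV).
// CTR is symmetric, so the same call encrypts and decrypts. No MAC in this sketch.
function ctr(fileKey, nonce, data) {
  const iv = Buffer.concat([nonce, Buffer.alloc(8)]);
  const c = nodeCrypto.createCipheriv('aes-128-ctr', fileKey, iv);
  return Buffer.concat([c.update(data), c.final()]);
}

// Each user has a 2048-bit RSA key pair for receiving share keys.
const newUser = () => nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Owner: encrypt once, wrap the file key under the share key, then wrap the
// share key separately to every recipient's public key (RSA-OAEP by default).
function shareFile(plaintext, recipients) {
  const fileKey = nodeCrypto.randomBytes(16);
  const shareKey = nodeCrypto.randomBytes(16);
  const nonce = nodeCrypto.randomBytes(8);
  const wrappedShareKeys = {};
  for (const [name, publicKey] of Object.entries(recipients)) {
    wrappedShareKeys[name] = nodeCrypto.publicEncrypt(publicKey, shareKey);
  }
  return { nonce, ciphertext: ctr(fileKey, nonce, plaintext),
           wrappedFileKey: wrapKey(shareKey, fileKey), wrappedShareKeys };
}

// Recipient: private key -> share key -> file key -> plaintext.
function openShare(share, name, privateKey) {
  const shareKey = nodeCrypto.privateDecrypt(privateKey, share.wrappedShareKeys[name]);
  const fileKey = unwrapKey(shareKey, share.wrappedFileKey);
  return ctr(fileKey, share.nonce, share.ciphertext);
}
```

Everything `shareFile` returns can be stored on the server, which sees only ciphertext and wrapped keys. Because the owner wraps the share key to whatever public key it is handed, a substituted public key receives the share key, which is the risk behind the quoted "Public keys could be manipulated" sentence.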
