[tahoe-dev] encryption/decription keys

zooko zooko at zooko.com
Fri Aug 22 16:42:54 UTC 2008

Welcome, Lauricarge.

> 1. Who generate file encryption key? Gateway or some of the nodes?  
> Which? Where is the key saved? On the same file system with  
> encrypted part of file or on any detachable device (USB-Flash)?
> 2. Who does decryption key generation? How the key will be generated?
> 3. How does decrypted file will be protected while download? HTTPS  
> or ...?

The encryption key and the decryption key are the same (symmetric  
encryption), and the key is stored inside the file capability to an  
immutable file.

The key is generated by the node which uploads the immutable file to  
the grid, which would be the gateway as described in about.html:


A decrypted file would be protected during download from the gateway  
to the web client either by HTTPS or because the gateway runs on the  
same localhost as the client.  :-)  Or else the decrypted file could  
be transferred unprotected over HTTP during download, if protecting  
it at that step isn't necessary.

Hopefully this paper will also shed light on such questions:



http://allmydata.org -- Tahoe, the Least-Authority Filesystem
http://allmydata.com -- back up all your files for $5/month

More information about the tahoe-dev mailing list