First and foremost, thank you for a great piece of software!
I would like hear your opinions on an alternative way of encrypting the storage. It’s not necessarily a new idea, but it would enable a particular use-case I had in mind.
I searched for existing topics and could not find any.
What if every chunk was symmetrically encrypted with a key derived from the clear-text payload of each chunk, before being encrypted with the globally shared secret (storage password). This would mean that anyone who possessed the clear-text data could generate the same clear-text chunk, symmetric key, and therefore the same encrypted chunk, allowing global deduplication to work. But would not allow a client who did not possess the clear-text data to decrypt the chunk, effectively preventing one client from reading another client’s data.
Naturally, one would not need to decrypt any chunk if one already possessed the clear-text, so to allow decryption if said data was lost (which is after all the purpose of backup), the symmetric key for each chunk would have to be kept by each client who generated the chunk (wether existing in storage or not), encrypted with a private, non-shared secret (per-client private password), along with other metadata before itself being sent to storage.
If I’m not mistaken, I would think that functionality that doesn’t require decrypting the actual chunk payload data would still work. I.e. checking, copying, pruning etc.
This should allow several semi-trusted clients (repositories) to share a common storage, with deduplication, without anyone having access to each-other’s data.
I understand that RSA would allow a similar use-case, where several clients who should not be able to decrypt each-other’s data can share a storage. However, it would naturally allow the holder of the private key to decrypt all data.
Thank you for your time,