Encryption strategies for multi users access in production systems
A common way of working for multiple-user access to encrypted data is this, which is a simplified description of a full-disk encryption scenario (a real system might have more levels than described here).
- The data itself is encrypted with a content key, Kc.
- Kc is stored on the computer n separate times, one per user. Each instance is encrypted by a different user key Ku1...Kun.
- Each of the i user keys Kui is derived from the credentials for user i.
What this gets you is that it's easy to change one user's credentials or revoke that user's access without affecting everyone else.
Another way that's available for things like MySQL databases (and is close to how file protection in iOS works) is this:
- Data encrypted by the content key.
- Content key protected by access key, derived from user credentials.
mysqld
is given the access key, and provides all access control to the user data.
In this case you have to be sure that your access control cannot be bypassed.