When you rent an apartment, you do not own it. While you have the right to use it, the landlord has the keys to the front door. The same is true for cloud storage. When you store data in the cloud, you are renting space. The cloud provider has the keys to your data.

Is this always the case? Actually, no. There are rental contracts that provide exclusive access to a property, especially when the property contains valuable items, such as jewelry or a bank.

Stash is a library that offers the equivalent of exclusive access, like in a jewelry store, to you and the people you trust.

Cryptography is the key

Similar to a physical key, a cryptographic key gives access to the space where something valuable, your data, is stored. In fact, a cryptographic key is more like a dictionary that allows you to translate a message from one language to another. One of the earliest examples of a cryptographic key is the Caesar cipher, where each letter of the alphabet is shifted by a fixed number of positions. The key in this case is the number of positions to shift, and it can be relatively easy to guess.

Today, cryptographic keys are much more complex, but the principle remains the same.

A cryptographic key is enough when you want to keep your data private. You may rent some storage space in the cloud and encrypt your data before sending it. This is pretty similar to having a door key for your studio apartment. But what if you want to share your data with someone else?

Like in a normal family, you can simply make copies of the key and share them with people you trust. Copying a physical key is easy, and so is copying a cryptographic key. More complex is revoking a key when you cannot fully trust a person any more. In the physical world, you would need to change the lock and distribute new keys to everyone else. In the digital world, you would need to re-encrypt the data with a new key and distribute the new key to everyone else.

This quickly becomes unmanageable when you have many people to trust. A better solution is that each person has a small mailbox where you can drop a copy of a new key. The equivalent in the digital world is a public key, with which you can safely drop a new key without anyone else being able to read it.

Stash

Stash is a library that implements this concept. Data is encrypted on the storage you have available, locally or, more likely, in the cloud. The encryption key is never shared with the cloud provider. Instead, the key is encrypted with the public key of each person you trust, and only these people can decrypt the key and access the data.

The library is structured in multiple layers. At the lowest level, Store, it uses a generic storage interface, which can be either local or remote, with S3 and SFTP as the initial implementations. The aim is to offer a simple interface for storing and retrieving data, abstracting away the complexities of the underlying storage system.

At the second level, Safe, the library provides encryption capabilities to limit access to the people you trust. Each trusted individual must share both a public key and a personal key. The corresponding private key should remain confidential and known only to the individual.

All the data is encrypted with symmetric keys on two levels:

  • The data is encrypted with a random symmetric key, which is stored in the metadata.
  • The metadata is encrypted with another random symmetric key. The encryption key for the metadata is encrypted with each individual’s public key. All encrypted keys are stored in a group file on the underlying storage.

While everyone with access to the storage can read this information, only the individuals whose public keys were used can decrypt the key for the metadata and then the key for the data. Multiple groups can coexist in the same safe, similar to the Unix access control design.

To grant access to a new person, encrypt the metadata key with the new individual’s public key.

Revoking access is more complex. In this case, generate a new encryption key for the metadata and encrypt it with the public keys of all individuals who should retain access.
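The two-level scheme described above, together with the grant and revoke steps, as an added Go example that is not Stash's own code: the Safe type, the AES-GCM sealing and the RSA-OAEP wrapping of the metadata key are assumptions made for this illustration, and the member names are constructed.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)
// Safe is what lands on the untrusted storage: Data sealed with a random data key, Meta (here just that
// data key) sealed with a random metadata key, and Group, the group file: member -> wrapped metadata key.
type Safe struct{ Data, Meta []byte; Group map[string][]byte }
// Helpers: 256-bit random key, AES-GCM instance, a member key pair (only its public half is shared).
func randKey() []byte { k := make([]byte, 32); rand.Read(k); return k }
func gcm(key []byte) cipher.AEAD { b, _ := aes.NewCipher(key); g, _ := cipher.NewGCM(b); return g }
func newMember() *rsa.PrivateKey { k, _ := rsa.GenerateKey(rand.Reader, 2048); return k }
// seal/open: AES-256-GCM with a fresh 12-byte nonce prepended to the ciphertext.
func seal(key, plain []byte) []byte { n := make([]byte, 12); rand.Read(n); return gcm(key).Seal(n, n, plain, nil) }
func open(key, ct []byte) ([]byte, error) { return gcm(key).Open(nil, ct[:12], ct[12:], nil) }
// wrap encrypts a symmetric key for every member; RSA-OAEP is an assumption, not Stash's own scheme.
func wrap(key []byte, members map[string]*rsa.PublicKey) map[string][]byte {
	g := map[string][]byte{}
	for name, pub := range members {
		g[name], _ = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	}
	return g
}
// NewSafe encrypts on two levels; the owner keeps the returned metadata key to administer the group.
func NewSafe(plain []byte, members map[string]*rsa.PublicKey) (*Safe, []byte) {
	dataKey, metaKey := randKey(), randKey()
	return &Safe{seal(dataKey, plain), seal(metaKey, dataKey), wrap(metaKey, members)}, metaKey
}
// Grant wraps the current metadata key for one more member; nothing else is re-encrypted.
func (s *Safe) Grant(metaKey []byte, name string, pub *rsa.PublicKey) {
	s.Group[name] = wrap(metaKey, map[string]*rsa.PublicKey{name: pub})[name]
}
// Revoke: fresh metadata key, Meta re-sealed with it, Group rebuilt for the remaining members only.
func (s *Safe) Revoke(metaKey []byte, remaining map[string]*rsa.PublicKey) ([]byte, error) {
	dataKey, err := open(metaKey, s.Meta)
	if err != nil { return nil, err }
	newKey := randKey(); s.Meta, s.Group = seal(newKey, dataKey), wrap(newKey, remaining)
	return newKey, nil
}
// Read unwraps the metadata key with the member's private key (a missing Group entry fails here),
// then the data key from Meta, then the data itself.
func (s *Safe) Read(name string, priv *rsa.PrivateKey) ([]byte, error) {
	metaKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, s.Group[name], nil)
	if err != nil { return nil, err }
	dataKey, err := open(metaKey, s.Meta)
	if err != nil { return nil, err }
	return open(dataKey, s.Data)
}
```

Note that Revoke rotates only the metadata key: a revoked member who had already extracted the data key can still read any copy of the encrypted data fetched earlier, and only re-encrypting the data with a fresh key closes that window.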

The other layers built on top of the Safe offer alternative and familiar data interfaces:

  • FileSystem: A file-oriented API that allows storing and retrieving files.
  • Database: A wrapper around SQLite that offers distributed updates across local databases, using the Safe as a mediator.
  • Comm: A mailbox-oriented API for peer-to-peer communication.

Documentation and samples are available in the Git repository https://github.com/stregato/stash.