An encrypted file sharing system is based on a method for achieving security of network storage at a file system layer. The system provides end-to-end security, that is, file data is stored on a proxy server after encryption, and all operations involved in the encryption and decryption of files in the system are completed on a client. Ciphertext data is stored on the proxy server, which prevents information leakage caused by system hacking or unauthorized operations of a manager.
The main problem facing an encrypted file sharing system is key management, which includes the creation, access, distribution and revocation of keys. Existing key management methods in encrypted file sharing systems fall into two types. In the first, files are accessed in groups: files that have the same access right are grouped together and share one key, which the file owner or a trusted third party sends to authorized users. In the second, the keys of the files are encrypted with the public key of each authorized user, and each file may have a different encryption key after a series of computations executed by the proxy server.
Proxy re-encryption is a typical example of the second type of method. It is characterized by the ability to achieve fine-grained sharing of files, and in a specific implementation the key in an encrypted file sharing system that uses proxy re-encryption may be distributed to authorized users by a partially trusted proxy.
Existing proxy re-encryption requires each user to possess a public key and a private key. The public key is a key that a user makes public to another user whom that user has authorized, while the private key is saved by the user and known only to the user. Furthermore, data or a file encrypted with a certain public key can only be decrypted with the corresponding private key, and likewise a file encrypted with a certain private key can only be decrypted with the corresponding public key.
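The key flow described above, as an added example that is not part of the original text: a file key is wrapped under the owner's public key, a proxy re-encrypts the wrapped key for an authorized user without learning it, and only clients unwrap it. The text names no concrete scheme, so this sketch assumes the ElGamal-style scheme of Blaze, Bleumer and Strauss (BBS98) over a toy-sized group; all function names and parameters are hypothetical.

```python
import hashlib
import secrets

# Assumed toy group, for illustration only: P = 2Q + 1 with P and Q prime,
# G generates the order-Q subgroup. Real systems need a standard-sized group.
P, Q, G = 2039, 1019, 4

def _kdf(m):
    """Derive the symmetric file key from the group element m."""
    return hashlib.sha256(m.to_bytes((P.bit_length() + 7) // 8, "big")).digest()

def keygen():
    """Return (private, public) with public = G^private mod P."""
    sk = secrets.randbelow(Q - 1) + 1          # 1 .. Q-1, invertible mod Q
    return sk, pow(G, sk, P)

def encapsulate(owner_pk):
    """Client side: pick a random group element m and wrap it under owner_pk.
    Returns (file_key, capsule); file_key would encrypt the file itself."""
    m = pow(G, secrets.randbelow(Q - 1) + 1, P)
    r = secrets.randbelow(Q - 1) + 1
    capsule = (m * pow(G, r, P) % P, pow(owner_pk, r, P))   # (m*g^r, g^(a*r))
    return _kdf(m), capsule

def rekey(owner_sk, user_sk):
    """Re-encryption key b/a mod Q. In BBS98 this key is bidirectional and
    needs both secrets (or an interactive protocol) to compute."""
    return user_sk * pow(owner_sk, -1, Q) % Q

def reencrypt(rk, capsule):
    """Proxy side: turn g^(a*r) into g^(b*r). The proxy never sees m."""
    c1, c2 = capsule
    return c1, pow(c2, rk, P)

def decapsulate(sk, capsule):
    """Client side: recover g^r from c2, strip it from c1, derive the file key."""
    c1, c2 = capsule
    g_r = pow(c2, pow(sk, -1, Q), P)
    return _kdf(c1 * pow(g_r, -1, P) % P)

def demo():
    """Owner wraps a key; the proxy re-encrypts it for an authorized user."""
    a_sk, a_pk = keygen()
    b_sk, _ = keygen()
    file_key, capsule = encapsulate(a_pk)
    shared = reencrypt(rekey(a_sk, b_sk), capsule)
    return file_key, decapsulate(a_sk, capsule), decapsulate(b_sk, shared)

if __name__ == "__main__":
    k, k_owner, k_user = demo()
    print(k == k_owner == k_user)
```

The proxy holds only the capsule and the re-encryption key, so the stored file stays ciphertext on the server; the single call to `reencrypt` is also the step that cannot complete if the only proxy is unavailable.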
In the prior art, there is only one proxy server participating in the existing proxy re-encryption method; as a result, if the proxy server fails, the proxy re-encryption process may not be completed smoothly, and the file sharing process will be forced to end. Therefore, the existing proxy re-encryption method has low reliability and security.