Question

Is there a way to set up hierarchical encryption using public key encryption?

Let's say a higher level user can decrypt messages encrypted by lower level users. Is something like this possible? I guess it is only possible to do with hierarchical key management, like the higher level users having access to the lower level users' keys.

Is there any other option to do something like this?

Solution

What I'd propose is, to some extent, an extension of your hierarchical key management idea.

Here's the core idea: We use a cryptographically strong random secret to encrypt the file symmetrically (public-key encryption of large datasets is actually quite slow, so most software like GPG uses a symmetric block cipher to encrypt the data, then public-key-encrypts the random secret). The random secret itself is encrypted with the key of each user that is allowed to access the data.

This scheme is similar to when you send a PGP message to multiple receivers. It's quite simple, but the problem is you have to update any encrypted data if users are added, modified or removed. Generally you can introduce intermediary keys to counteract this effect.

In order to address these issues, cryptographers invented HIBE (Hierarchical Identity-Based Encryption). If you want to use this in a real application, please don't build the crypto stack yourself, but use proven, peer-reviewed algorithms.
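
The hybrid scheme described in the answer above, applied to a hierarchy, as an added example that is not part of the original post: the data is encrypted once under a random content key, and that key is wrapped for the author and for every superior above them. The function names, the `boss` map layout, the choice of RSA-OAEP with AES-256-GCM and the sample users are assumptions made for this illustration.

```ruby
require 'openssl'

OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

# Every user from `author` up to the root of the hierarchy.
# `boss` maps a user to their direct superior (assumed layout; the root has no entry).
def readers_for(author, boss)
  chain = []
  user = author
  while user && !chain.include?(user) # stop at the root or on a cycle
    chain << user
    user = boss[user]
  end
  chain
end

# Encrypt msg once with a fresh AES-256-GCM key, then wrap that key with the
# public key of the author and of each superior (raises KeyError if one is missing).
def seal(msg, author, boss, pubkeys)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  key = cipher.random_key
  iv = cipher.random_iv
  data = cipher.update(msg) + cipher.final
  wrapped = readers_for(author, boss).to_h do |user|
    [user, pubkeys.fetch(user).public_encrypt(key, OAEP)]
  end
  { iv: iv, data: data, tag: cipher.auth_tag, wrapped: wrapped }
end

# Unwrap the content key with one reader's private key and decrypt.
def open_envelope(env, user, privkey)
  blob = env[:wrapped].fetch(user) { raise ArgumentError, "#{user} is not a reader" }
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = privkey.private_decrypt(blob, OAEP)
  cipher.iv = env[:iv]
  cipher.auth_tag = env[:tag]
  cipher.update(env[:data]) + cipher.final # raises CipherError if tampered with
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample hierarchy: alice reports to bob, bob reports to carol.
  boss = { 'alice' => 'bob', 'bob' => 'carol' }
  keys = %w[alice bob carol].to_h { |u| [u, OpenSSL::PKey::RSA.new(2048)] }
  pubs = keys.transform_values(&:public_key)
  env = seal('quarterly numbers', 'bob', boss, pubs)
  puts env[:wrapped].keys.inspect
  puts open_envelope(env, 'carol', keys['carol'])
end
```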

Licensed under: CC-BY-SA with attribution