Question

I am in need of a "hierarchical" encryption scheme, where there is a Master key (MK) and derivative keys (DK) which can be derived from the MK. I.e.

  • MK => DK1
  • MK => DK2
  • MK => DK3.

Strangers can encrypt some message with DK1, DK2 or DK3, and those messages can be decrypted using DK1, DK2 or (and?) DK3. In addition, I want those messages to be decrypted using MK. Is it possible? Is it reliable? Do I have my head in the clouds?

Regards, M.


Solution

A partial solution. You own the master key, MK, and keep it secret. Use that master key as part of the input to a key derivation function (KDF):

KDF(MK, "DK1") => DK1
KDF(MK, "DK2") => DK2
etc.

That will allow you to generate as many derivative keys as you need, each with a different input.

You can pass the DKs to other people without telling them the MK. They can encrypt and decrypt using their own DK. You can recreate their DK whenever you want, since you have the MK and know what the other information you used was.

You won't be able to decrypt their messages directly using the MK, but you will only have the one secret key to store, rather than a lot of them. You can securely delete each DK after you've used it since you can always recreate it at will.
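The derivation the answer describes, as an added example that is not the answerer's code: it assumes HKDF-SHA-256 (RFC 5869) as the KDF, a per-key label such as "DK1" as the extra input, and a constructed message format in which the ciphertext carries its key label unencrypted so the MK holder knows which DK to re-derive.

```python
import hashlib
import hmac

# Constructed sample master key; in practice this is a random 32-byte secret.
SAMPLE_MK = bytes.fromhex("a1" * 32)


def hkdf_sha256(ikm: bytes, info: bytes, length: int = 32, salt: bytes = b"") -> bytes:
    """HKDF (RFC 5869) with HMAC-SHA-256, built on the standard library only."""
    if not salt:
        salt = bytes(hashlib.sha256().digest_size)      # default salt: HashLen zero bytes
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()  # extract step
    okm, block, counter = b"", b"", 1
    while len(okm) < length:                            # expand step
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_dk(mk: bytes, label: str) -> bytes:
    """KDF(MK, label) => DK. The label is public; only MK must stay secret."""
    return hkdf_sha256(mk, b"derivative-key/" + label.encode("utf-8"))


def recover_dk_for_message(mk: bytes, message: dict) -> bytes:
    """MK holder side: the message records which DK label encrypted it, so the
    holder recomputes that DK from MK instead of keeping a copy of every DK."""
    return derive_dk(mk, message["key_label"])


def keys_are_independent(mk: bytes, labels: list[str]) -> bool:
    """Distinct labels must give distinct keys (no two parties share a DK)."""
    dks = [derive_dk(mk, label) for label in labels]
    return len(set(dks)) == len(dks)


if __name__ == "__main__":
    dk2 = derive_dk(SAMPLE_MK, "DK2")
    # Assumed message shape: ciphertext plus the unencrypted label of its key.
    msg = {"key_label": "DK2", "ciphertext": b"<constructed ciphertext>"}
    print("DK2 re-derived from MK:", recover_dk_for_message(SAMPLE_MK, msg) == dk2)
    print("DK1..DK3 independent:", keys_are_independent(SAMPLE_MK, ["DK1", "DK2", "DK3"]))
```

A holder of DK2 can only decrypt DK2 traffic; because the KDF is one-way, DK2 gives no way back to MK or to a sibling such as DK1, which is exactly the property the answer relies on.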

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow