Encrypting content stored on untrusted CDNs

On Tue, 28 Feb 2012, Mark Watson wrote:
> 
> The server is not necessarily trusted. As I said, https services from 
> CDNs (where they also sell you trustworthiness) are more expensive than 
> http ones.
> 
> So I want the content encrypted in storage as well as transport.

This particular use case makes a lot of sense, and seems much more broadly 
applicable than just media. For example, you could have a CDN store 
private user information in the form of a JSON blob but want it encrypted 
on the CDN. Or you could have the user's private image library stored on a 
CDN, and want only the user to be able to see the content.

One way to solve this would be to provide a method that takes an 
ArrayBuffer key and a URL, and have any subsequent fetch of that URL for 
the browsing context be decrypted automatically using that key:

   navigator.addKeyForURL('http://cdn.example.net/video123', mykey);
   myVideo.src = 'http://cdn.example.net/video123';
   myVideo.autoplay = true;

The scoping for such a feature would be hard to specify though.

Another way would be to do something similar to what Blob does, namely 
create an object that returns a new URL representing the decoded resource, 
as follows:

   var data = new DecodedURL('http://cdn.example.net/video123', mykey);
   myVideo.src = URL.createObjectURL(data);
   myVideo.autoplay = true;

(We can't use Blob itself because this has to be done cross-origin.)

Data would be encoded using AES256. I guess we could actually allow 
AES128, 192, and 256 by just allowing the key argument to be either 16, 
24, or 32 bytes long.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Tuesday, 28 February 2012 23:10:22 UTC