Multikey Encrypted Record (UTS??)


A standard container that can be decrypted with one or more different keys of different encryption types.

The Encrypted Record [ER] is encoded using the BOSS binary format.

General structure

encrypted_record = header, encrypted_data;

This is a BOSS stream, which makes it possible to avoid reading or decoding unnecessary data after the header has been analyzed.

header = array(description, array(crypto_record));

description = map<String,Any> | null;

Description

A Map where keys are arbitrary strings and values can be of any type supported by BOSS. Recommended keys are: name, description.

CryptoRecord

This is a small record that keeps a small piece of encrypted data in such a way that many different keys (e.g. passwords, private keys, etc.) can be used to decrypt it. In our case it is used to store the key for the main data.

See CryptoRecord for details.

Data record

Universa EtA-encrypted data of any type, encrypted with a key that can be obtained by decrypting any of the key records. All key records contain the same main data key, encrypted in different ways (so more than one private key and/or password can be used to access the data record).
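
The following added example (not Universa code) models the structure above: one random main key encrypts the data, and each key record wraps that same main key under a different unlock key. It assumes EtA means encrypt-then-authenticate, uses Python lists and dicts in place of BOSS encoding, and uses an HMAC-SHA256 keystream as a stand-in cipher; the function names and the key record layout are hypothetical, and private-key records are left out.

```python
import hashlib, hmac, os

def _keys(key):
    # Derive independent encryption and MAC keys from one 32-byte key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _stream(enc_key, nonce, n):
    # Stand-in keystream: HMAC-SHA256 in counter mode (assumption, not Universa's cipher).
    blocks = (hmac.new(enc_key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def eta_encrypt(key, plaintext):
    # Encrypt first, then authenticate nonce + ciphertext.
    enc_key, mac_key = _keys(key)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def eta_decrypt(key, blob):
    # Returns None when the tag does not verify (wrong key or modified data).
    if len(blob) < 48:
        return None
    enc_key, mac_key = _keys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _stream(enc_key, nonce, len(ct))))

def password_key(password, salt):
    # Password-based unlock key; salt and iteration count are constructed values.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def seal(description, data, unlock_keys):
    # header = [description, [key records]]; every record holds the same main key.
    main_key = os.urandom(32)
    records = [eta_encrypt(k, main_key) for k in unlock_keys]
    return [description, records], eta_encrypt(main_key, data)

def open_record(header, encrypted_data, unlock_key):
    # Try the unlock key against each key record; the tag check selects the match.
    _description, records = header
    for rec in records:
        main_key = eta_decrypt(unlock_key, rec)
        if main_key is not None:
            return eta_decrypt(main_key, encrypted_data)
    return None
```

Because `seal` returns the header and the encrypted data as two values, a caller can inspect the description and test a key against the key records without reading the data record at all.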

Key and data record separation

Depending on the storage requirements and specializations, the header part can be stored separately from the data record part and made available through a separate API request, a separate database record, etc.