Encrypted Container File: Design and Implementation of a Hybrid-Encrypted Multi-Recipient File Structure

Tobias J. Bauer, Andreas Aßmuth

TL;DR

ECF addresses the problem of secure, fine-grained access control for confidential artifacts in cloud-based, multi-party software development. It introduces a hybrid-encrypted, multi-recipient file structure with a public/private partitioning scheme and per-recipient key material, enabling on-demand decryption and selective access without distributing a single shared key. The approach combines X25519 for key agreement, Ed25519 for signatures, AES-256-GCM for confidentiality, and SHA-512 for hashing, with recipient information obfuscated to hide the true recipient set; it also supports dynamic operations such as adding or removing recipients and modifying content. A C# PoC demonstrates the design, including private-key management via Argon2id-protected keys and a library-centric implementation suitable for embedding in existing applications. The work advances practical secure collaboration in cloud VCS workflows by balancing strong cryptographic controls with operational flexibility and extensibility, and it outlines concrete paths for expanding cipher suites and features in future work.

Abstract

Modern software engineering trends towards Cloud-native software development by international teams of developers. Cloud-based version management services, such as GitHub, are used for the source code and other artifacts created during the development process. However, using such a service usually means that every developer has access to all data stored on the platform. Particularly, if the developers belong to different companies or organizations, it would be desirable for sensitive files to be encrypted in such a way that these can only be decrypted again by a group of previously defined people. In this paper, we examine currently available tools that address this problem, but which have certain shortcomings. We then present our own solution, Encrypted Container Files (ECF), for this problem, eliminating the deficiencies found in the other tools.
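
An added sketch (not the paper's code and not the ECF file format) of the hybrid multi-recipient pattern the TL;DR describes, using Node.js built-ins: the content is encrypted once with AES-256-GCM and the content key is wrapped separately for each recipient via X25519. The SHA-512-truncation key derivation, the slot layout, trial decryption and all function names are assumptions made for illustration; Ed25519 signing is omitted.

```javascript
const crypto = require('node:crypto');

// AES-256-GCM helpers; a fresh random 12-byte nonce is used on every call.
function gcmEncrypt(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function gcmDecrypt(key, { iv, ct, tag }) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]); // throws if the tag does not verify
}

// Key-encryption key: X25519 shared secret hashed with SHA-512, truncated to
// 32 bytes (assumed KDF for this sketch, not taken from the paper).
function kek(privateKey, publicKey) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return crypto.createHash('sha512').update(shared).digest().subarray(0, 32);
}

// Encrypt once under a random content key, then wrap that key per recipient.
function seal(plaintext, recipientPublicKeys) {
  const contentKey = crypto.randomBytes(32);
  const eph = crypto.generateKeyPairSync('x25519'); // one ephemeral key per container
  const slots = recipientPublicKeys.map((pub) => gcmEncrypt(kek(eph.privateKey, pub), contentKey));
  return { ephemeralPublic: eph.publicKey, slots, body: gcmEncrypt(contentKey, plaintext) };
}

// Slots carry no recipient identifier here, so a reader tries each with its own key.
function unseal(container, privateKey) {
  const k = kek(privateKey, container.ephemeralPublic);
  for (const slot of container.slots) {
    let contentKey;
    try { contentKey = gcmDecrypt(k, slot); } catch { continue; } // not our slot
    return gcmDecrypt(contentKey, container.body); // a tampered body throws
  }
  return null; // caller is not a recipient
}

// Constructed demo data: two recipients and one outsider.
const [alice, bob, mallory] = [0, 1, 2].map(() => crypto.generateKeyPairSync('x25519'));
const container = seal(Buffer.from('deploy token (constructed)'), [alice.publicKey, bob.publicKey]);
console.log(unseal(container, alice.privateKey).toString(), unseal(container, mallory.privateKey));
```

In this sketch, removing a recipient by deleting their slot does not revoke a content key they have already unwrapped, so removal has to be paired with re-encryption under a new content key.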

Paper Structure (19 sections, 1 figure)