Why do we need it?

KeyTray’s main function is to safely store the pair of SSE keys used to encrypt a user’s data and, in the reverse flow, to provide the corresponding pair of keys for decrypting that data. It is located in the cloud and protected by ABAC, so that all ASCLEPIOS components can access it in a secure manner.

How does it work?

Both SSE keys required for SSE encryption (the SSE encryption key and the SSE verification key) are encrypted by the CP-ABE service, via the local CP-ABE client and under the relevant policy, so that protected data is never exposed in plain text. The pair of encrypted keys is stored in KeyTray along with a unique id, which is returned to the user. The user can then use this unique id to retrieve the pair of encrypted keys and to decrypt the file that corresponds to those SSE keys.
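The flow above as an added sketch (not ASCLEPIOS code): it shows that the store only ever holds ciphertext and that the unique id alone does not release the keys. The class and method names, the attribute strings and the policy are assumptions, and MockCPABE is a stand-in that enforces an "all attributes required" policy with a keyed hash instead of real CP-ABE.

```python
import hashlib, hmac, secrets, uuid

class MockCPABE:
    """Stand-in for the CP-ABE service (assumption): NOT real CP-ABE.
    A policy is a set of attributes that must all be present at decrypt time."""
    def __init__(self):
        self._master = secrets.token_bytes(32)

    def _mac(self, label, policy, nonce, data=b""):
        msg = label + "|".join(policy).encode() + nonce + data
        return hmac.new(self._master, msg, hashlib.sha256).digest()

    def _xor(self, data, policy, nonce):
        stream = hashlib.shake_256(self._mac(b"ks", policy, nonce)).digest(len(data))
        return bytes(a ^ b for a, b in zip(data, stream))

    def encrypt(self, key, policy):
        policy, nonce = sorted(policy), secrets.token_bytes(16)
        body = self._xor(key, policy, nonce)
        return {"policy": policy, "nonce": nonce, "body": body,
                "tag": self._mac(b"tag", policy, nonce, body)}

    def decrypt(self, blob, attributes):
        if not set(blob["policy"]) <= set(attributes):
            raise PermissionError("attributes do not satisfy the policy")
        tag = self._mac(b"tag", blob["policy"], blob["nonce"], blob["body"])
        if not hmac.compare_digest(tag, blob["tag"]):
            raise ValueError("stored blob was modified")
        return self._xor(blob["body"], blob["policy"], blob["nonce"])

class KeyTray:
    """Hypothetical in-memory model: holds only encrypted key pairs, indexed by id."""
    def __init__(self):
        self._pairs = {}
    def store(self, enc_key_blob, ver_key_blob):
        key_id = str(uuid.uuid4())          # unique id returned to the user
        self._pairs[key_id] = (enc_key_blob, ver_key_blob)
        return key_id
    def fetch(self, key_id):
        return self._pairs[key_id]

def round_trip(attributes):
    """Store a fresh SSE key pair, fetch it by id, decrypt it with `attributes`."""
    abe, tray = MockCPABE(), KeyTray()
    sse_keys = (secrets.token_bytes(32), secrets.token_bytes(32))  # encryption, verification
    policy = {"role:doctor", "dept:cardiology"}                    # constructed sample policy
    key_id = tray.store(*(abe.encrypt(k, policy) for k in sse_keys))
    return tuple(abe.decrypt(b, attributes) for b in tray.fetch(key_id)) == sse_keys
```

A caller whose attributes do not satisfy the policy can still fetch the pair by id but gets a PermissionError at decryption, and a blob altered while in storage is rejected before any key material is returned.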

