Proof-of-key to show that authenticate visitor log #10

Open
Tethik opened this issue Feb 11, 2017 · 0 comments

Tethik commented Feb 11, 2017

Why?
To show if someone requested the data, but did not have the key. Also to protect the privacy of the authenticated visitors against bad visitors that did not have the key we could make sure that the log is only presented after authentication.

Implementation ideas:

Just noting down my thoughts here.

Simple token

  1. The author includes a uuid inside the ciphertext when creating it. It also sends it to the server in the plaintext submission.
  2. On "open" a legitimate visitor decrypts the ciphertext, gets the token and sends it to the server.
  3. Upon receiving the correct token, the server marks the visitor as legitimate in the logs. Until then it will remain tagged as unauthenticated.

This lets the server authenticate the visitor. The server has the power to spoof legit visitors as well as mark visitors as bad.

HMAC signed

  1. On open the server sends a challenge token to the visitor.
  2. Client should then try to sign the token using the private key and send signed token back to the server.
  3. The server saves the signed token in the log row.
  4. Another visitor opens the document, the server renders the logs with the signed tokens. The other visitor authenticates the tokens using the secret key.

Problem: server can replay tokens to authenticate visitors so very small benefit. If there is only one e.g. bad visitor, the server can't spoof the correct signed token.

Encrypted log

  • Store the visitor log as an encrypted blob
  • Visitors take the log, decrypt it, add their own row, then upload it back to the server encrypted.

Problem: visitors can decide to not log themselves. That is a huge problem since the whole point of the log is to detect intrusion/surveillance. An adversary could in that case easily intercept messages and not leave a trace.

@Tethik Tethik changed the title Proof-of-key to show that visitors authenticated and Proof-of-key to show that authenticate visitor log Feb 11, 2017
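
The "HMAC signed" idea from the issue above, as an added example that is not part of the original post or the project's code: a visitor signs the server's challenge, another visitor verifies the log rows, and a copied (challenge, tag) pair shows the replay problem the post describes. It assumes HMAC-SHA256 keyed with the shared document key; the row fields `visitor`, `challenge`, `tag` and all function names are hypothetical, and the sample rows are constructed.

```python
import hashlib
import hmac
import secrets


def new_challenge() -> str:
    """Server side: fresh random challenge token sent to the visitor on "open"."""
    return secrets.token_hex(16)


def sign_challenge(key: bytes, challenge: str) -> str:
    """Visitor side: HMAC-SHA256 over the challenge (assumed construction)."""
    return hmac.new(key, challenge.encode(), hashlib.sha256).hexdigest()


def verify_log(key: bytes, rows: list) -> list:
    """Another visitor checks each log row with the same key.

    A valid tag on a challenge already accepted earlier in the same log is
    reported as "replayed". This check only helps while the original row is
    still present in the log the server renders.
    """
    accepted = set()
    verdicts = []
    for row in rows:
        expected = sign_challenge(key, row["challenge"])
        if not hmac.compare_digest(expected.encode(), row["tag"].encode()):
            verdicts.append("unauthenticated")
        elif row["challenge"] in accepted:
            verdicts.append("replayed")
        else:
            verdicts.append("authenticated")
            accepted.add(row["challenge"])
    return verdicts


def demo():
    key = secrets.token_bytes(32)        # constructed document key
    wrong_key = secrets.token_bytes(32)  # visitor B never had the real key
    c1, c2 = new_challenge(), new_challenge()
    legit = {"visitor": "A", "challenge": c1, "tag": sign_challenge(key, c1)}
    bad = {"visitor": "B", "challenge": c2, "tag": sign_challenge(wrong_key, c2)}
    # The server reuses A's signed token for a visit by C.
    copied = {"visitor": "C", "challenge": c1, "tag": legit["tag"]}
    # Full log, then a log where the server withheld A's original row.
    return verify_log(key, [legit, bad, copied]), verify_log(key, [bad, copied])


if __name__ == "__main__":
    print(demo())
```

In the second log the copied row verifies as authenticated, because the tag binds only the challenge and nothing about the visit itself.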