Crypto-mail-safe
Introduction
At Techinc we end up having to deal with having to store Identification-documentation in a secure manner because of requirements that Urban Resort puts on us for the availability of RFID-fobs to open the door to the building.
As such, we've looked at a number of options on how to deal with these sensitive documents; ranging from storing them in a safe at the space, at someonebody's home, in a bank-vault, etc.
The challenges are several. They include, but are not limited to:
- Acquisition: how do we make the process of getting the document to us as secure as possible
- Storage: How do we store it so that only authorized people entrusted with access can get to it securely
- Access: How do we implement any kind of access-control that we can verifiably demonstrate is secure/honest towards our members
- Change of roles: How do we ensure that people who do not need access anymore lose their ability to access these types of documents.
What follows is a proposal from me (User:Justa) to address a number of these issues via a system based on cryptograpy, using mail as transfer-method and crypted image-files as a manner for storage. I will try to explain the theory of operation, it's challenges and it's limitations as honestly as possible.
==