Two-way Encryption Mechanism

Summary

There are two scenarios that require encryption

Encrypt data by adding a DID.

Tagged encryption works according to the following steps:

Each agent must have a generated DID address.
Alice uses a unique symmetric key (sKn) for encrypting each piece of content and each file while streaming to the Box.
After the file has been successfully stored to the IPFS node, it returns the CID for each encrypted file to Alice.
Alice now gives Bob access to the file by issuing him a JWE Doc with BOB`s DID address, symmetric key (sK1) and CID
Bob decrypts the document using his own DID address and then obtains the symmetric key (sK1) to get the file that belongs to Alice. As a result, BOB gets the CID and sends a request to the Box.
Bob decrypts the data with sK1 while streaming it from the Box.

tagged-encryption

Tagged Encryption Sequence Diagram

See here for tagged encryption sample code.

With assymetric encryption, no one needs to share DID identity with others, they just need to know a PubKey.

Asymmetric Encryption works according to the following steps:

First, each application must have a generated DID address and PublicKey.
Alice uses a unique symmetric key (sKn) for encrypting each piece of content and each file while streaming to the Box.
After the file has been successfully stored to the IPFS node, it returns the CID for each encrypted file to Alice.
Alice now gives Bob access to the file by issuing him a JWE Doc with BOB`s PubKey, symmetric key (sK1) and CID.
Bob decrypts the document using his own PrivateKey and then obtains the symmetric key (sK1) to get the file that belongs to Alice. As a result, BOB gets the CID and sends a request to the Box.
Bob decrypts data with sK1 while streaming it from the Box.

Assymetric Encryption Sequence Diagram

Tagged Encryption Sequence Diagram

See here for assymetric encryption sample code.