International Business Machines Corporation
Identification of a creator of an encrypted object

Abstract:

Embodiments include encrypting an object such that the creator of the encrypted object can be identified. Aspects include receiving, by a processor, an unencrypted object that includes plaintext and metadata that describes the plaintext and obtaining, by the processor in response to a request from a user, a data encryption key (DEK) and a nonce key for the unencrypted object, the nonce key being unique to the user. Aspects also include encrypting, by the processor, the unencrypted object. The encrypting includes generating a nonce based at least in part of the plaintext and the nonce key and generating ciphertext and a metadata authentication tag comprising a signature of the metadata, the generating based at least in part on the plaintext, the metadata, the DEK, and the nonce. Aspects further include creating an encrypted object that includes the ciphertext, the metadata, and the metadata authentication tag.