Intro
Hello forum. I’m a mid-level software developer getting familiar with the decentralized web. So, this is all new to me.
Anyway, I am building out a proof of concept for some app, but running into a problem.
Problem
The main idea here is: Restricting access to a file uploaded on IPFS to certain users.
Example:
- User A uploads a PDF, which should only be accessible to those who paid
- User B pays User A, and is granted access
- User C has not paid, tries to access file, but access is denied
The example given above is the general flow I’d like to accomplish.
Research Done
Here are some of the links I’ve taken a look at so far:
- Dropbox-like application on IPFS
- The 5 steps to end-to-end encrypted photo storage and sharing
- I also saw another one on Ethereum Stack Exchange, but can’t post it since I am new
- Here is the thread title: ipfs-conditional-access-control-through-ethereum-smart-contracts
Current Thought Process/Solution
At a high level, this is what I am thinking:
- User A gets a private-public key pair per PDF/file uploaded
- User B purchases PDF
- User A shares private key (to access PDF) with User B; the message is encrypted with User B’s public key, thus giving said user the ability to “decrypt” the private key (to access PDF) with their private key
- User B is now able to access file
Questions
- Does the above flow work? If not, why?
- If the approach works, what security vulnerabilities can I run into with this approach?
- Are there currently any tools that abstract this process?
PS: I’m a SUPER SUPER noob with dWeb, so forgive any obvious/dumb mistakes I’ve made in my assessment.
Best,
Bryan
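
The flow under "Current Thought Process/Solution", as an added example that is not part of the original post: it swaps the per-file key pair for a per-file AES-256-GCM key and wraps that key with RSA-OAEP under User B's public key, so only ciphertext would ever be added to IPFS. Function names and the sample PDF bytes are constructed for illustration, and the IPFS upload itself is left out.

```javascript
// Added example: hypothetical function names, constructed sample data.
const crypto = require('node:crypto');
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// User A: encrypt the file once with a fresh per-file AES-256-GCM key.
// Only `blob` (iv + ciphertext + tag) would be published to IPFS.
function encryptFile(plaintext) {
  const fileKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', fileKey, iv);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { fileKey, blob: { iv, body, tag: cipher.getAuthTag() } };
}

// User A, after payment: wrap the file key under the buyer's public key.
function wrapKeyFor(buyerPublicKey, fileKey) {
  return crypto.publicEncrypt({ key: buyerPublicKey, ...OAEP }, fileKey);
}

// Buyer: unwrap the file key with their private key, then decrypt the blob.
// Throws if the key was wrapped for someone else or the blob was modified.
function openFile(privateKey, wrappedKey, blob) {
  const fileKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', fileKey, blob.iv);
  decipher.setAuthTag(blob.tag);
  return Buffer.concat([decipher.update(blob.body), decipher.final()]);
}

function newUser() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// True only if the holder of `privateKey` can recover the plaintext.
function canOpen(privateKey, wrappedKey, blob) {
  try { openFile(privateKey, wrappedKey, blob); return true; }
  catch { return false; }
}

function demo() {
  const pdf = Buffer.from('%PDF-1.7 constructed sample content');
  const userB = newUser(), userC = newUser();
  const { fileKey, blob } = encryptFile(pdf);
  const wrappedForB = wrapKeyFor(userB.publicKey, fileKey); // sent to User B only
  return {
    bReads: openFile(userB.privateKey, wrappedForB, blob).equals(pdf),
    cReads: canOpen(userC.privateKey, wrappedForB, blob), // User C never paid
  };
}
console.log(demo());
```

Encryption here controls who can read the blob, not who can fetch it, and nothing stops User B from passing the unwrapped file key on after purchase.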