Given a system that shares files for client-side decryption where the server does not know the encryption keys (just stores them in an encrypted form), is it – when sharing a file with a non-user – better to either
- share the file encryption key directly (e.g. client downloads the file-specific encryption key, decrypts it and attaches it to the URL hash of the sharing URL, basically what Firefox Send is doing), or
- additionally encrypt the file-specific encryption key with a newly generated encryption key, and share this key (client downloads the file-specific encryption key, decrypts it, re-encrypts it with the newly generated key and stores a copy of the result. The client then shares the generated key, with which the downloading client can decrypt the actual file-specific encryption key).
The benefit I see with option two is that the underlying key isn’t immediately exposed in the URL hash – the downloading client first needs to download the actual file key. However, the downloading client will still receive the actual file key, so it’s not necessarily safer and might just add an unnecessary level of abstraction.
What would be the proper way to go here?