The Distributed Key Manager (DKM) provides a solution for securely sharing data amongst multiple machines and multiple users/service accounts. DKM is a client-side library that lets users encrypt data under a shared group secret key so that only members of the group can decrypt the data. Our API is very similar to the familiar DPAPI: the caller creates a GroupKey object and binds it to a group of users.
- Tolga Acar, Cedric Fournet, and Dan Shumow, Cryptographically Verified Design and Implementation of a Distributed Key Manager, no. MSR-TR-2014-48, 15 April 2014.
- Tolga Acar and Lan Nguyen, High Assurance Policy-Based Key Management at Low Cost, no. MSR-TR-2014-49, April 2014.
- Tolga Acar, Mira Belenkiy, Lan Nguyen, and Carl Ellison, Key Management In Distributed Systems, no. MSR-TR-2010-78, 17 June 2010.
- Tolga Acar, Mira Belenkiy, Mihir Bellare, and David Cash, Cryptographic Agility and its Relation to Circular Encryption, in EUROCRYPT 2010, Springer Verlag, May 2010.