Message for expanding the audience of existing content

Access to existing content can be given either on a per-message basis, or by sharing the current and previously used SKB with new Readers.

Access to single messages can be granted by sharing the CEK of these messages with new recipients. The SKB can be shared either by preparing an SKB sharing message for the new Readers (as seen above), which is then added to the pool, or by simply sharing the CEK of the most recent SKB distribution message that is already in the pool.

For distributing a message’s CEK to new users, there are two possible solutions, which we will evaluate for feasibility, security, usability, and implementation before implementing the preferred solution.

  1. Option

    1. Create a message m* with the format of m’, but containing one or more CEKs instead of SKB.

    2. Encrypt it for PKUser as well as PKB.

    3. Add to bucket

    4. The holder of SKUser can decrypt the message and access CEK, which they can then use to decrypt the original message ciphertext (ignoring the JWE headers).

  2. Option

    1. Directly encrypt CEK for PKUser

    2. Combine the encrypted CEK, decryption information, and a reference to the original message into a JWE header

    3. Add only the detached JWE header to the bucket

    4. The holder of SKUser can combine the JWE header with the original ciphertext and then decrypt the resulting DIDComm message as usual
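
A sketch of Option 2 using only Node's built-in crypto, added here as an illustration and not taken from the project's code. It relies on the JWE rule that the protected header is the AEAD additional authenticated data, so the detached header reuses the original protected header unchanged. Assumptions: the field names `ref`, `epk` and `encrypted_key`, the helper names, the constructed sample message, and the X25519 + HKDF + AES-256-GCM key wrap, which stands in for a real JWE key-management algorithm.

```javascript
// Added example, not project code. Key wrapping is a simplified stand-in
// (X25519 + HKDF + AES-256-GCM), not a registered JWE "alg".
const { generateKeyPairSync, createPublicKey, diffieHellman, hkdfSync,
        randomBytes, createCipheriv, createDecipheriv } = require("node:crypto");

// AES-256-GCM; `aad` binds header bytes to the ciphertext, as JWE does.
function seal(key, plaintext, aad) {
  const iv = randomBytes(12);
  const c = createCipheriv("aes-256-gcm", key, iv).setAAD(Buffer.from(aad));
  const ciphertext = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ciphertext, tag: c.getAuthTag() };
}
function open(key, { iv, ciphertext, tag }, aad) {
  const d = createDecipheriv("aes-256-gcm", key, iv);
  d.setAAD(Buffer.from(aad)).setAuthTag(tag);
  return Buffer.concat([d.update(ciphertext), d.final()]); // throws on a bad tag
}
// Key-encryption key derived from an X25519 agreement.
function kek(privateKey, publicKey) {
  const z = diffieHellman({ privateKey, publicKey });
  return Buffer.from(hkdfSync("sha256", z, Buffer.alloc(0), "cek-share", 32));
}

// Constructed original message, as it would already sit in the bucket.
function makeOriginal(id, text) {
  const cek = randomBytes(32);
  const prot = Buffer.from(JSON.stringify({ enc: "A256GCM" })).toString("base64url");
  return { cek, msg: { id, protected: prot, ...seal(cek, Buffer.from(text), prot) } };
}

// Steps 1-3: wrap the CEK for PKUser and build the detached header (no ciphertext).
function shareCek(cek, msg, pkUser) {
  const eph = generateKeyPairSync("x25519");
  return {
    ref: msg.id,               // reference to the original message
    protected: msg.protected,  // must stay byte-identical: it is the AAD
    epk: eph.publicKey.export({ format: "jwk" }),
    encrypted_key: seal(kek(eph.privateKey, pkUser), cek, msg.id),
  };
}

// Step 4: the SKUser holder recombines header and original ciphertext, then decrypts.
function readShared(header, bucket, skUser) {
  const original = bucket.get(header.ref);
  const epk = createPublicKey({ key: header.epk, format: "jwk" });
  const cek = open(kek(skUser, epk), header.encrypted_key, header.ref);
  return open(cek, original, header.protected).toString();
}
```

Because the content tag covers the protected header, a detached header that alters it, or one opened with a different SKUser, fails authentication instead of yielding plaintext.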
