To be able to encrypt something, there must already exist a corresponding decryption key.
This is of course a problem if you don't know all receivers of a document at the time you publish it.
A naive solution would be to encrypt each document separately for each new receiver, but that is too heavy in computation, bandwidth and storage.
To solve this, HYKER implements a two-layer (or two-step) encryption solution.
Side notes:
a) There are two types of crypto keys, symmetric and asymmetric:
A symmetric key is used for both encryption and decryption and must be shared between sender and receiver.
An asymmetric key is really a key-pair: a public key and a private key. The public key is used for encryption and the private key is used for decryption.
In the latter case, the whole key-pair does not need to be shared between sender and receiver, only the public key.
b) A crypto key is of a fixed size not related to document file size, and almost always much much smaller than the document file itself.
The HYKER two-step solution works like this:
1. Generate a completely new and unique symmetric key and use that to encrypt the document. Then publish the encrypted document.
2. Encrypt that symmetric key for each receiver using a public key corresponding to a private key that is already held by the receiver.
This system is efficient yet guarantees that no middlemen in between the two ends can intercept the message.
To summarize:
Each receiver generates an asymmetric key-pair, publishes the public key and keeps the private key to himself. When a document is published, it's encrypted with an ephemeral symmetric key that is transported to the receivers securely using their public key.
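The two-step scheme above as an added Go example (not HYKER's code). It assumes AES-256-GCM for the document and RSA-OAEP with SHA-256 for wrapping the key, algorithms the page does not name, and all function names are illustrative.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// NewReceiver makes a receiver's key pair; only the public half is published.
func NewReceiver() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// EncryptDocument is step 1: a fresh 256-bit key encrypts the document once.
func EncryptDocument(doc []byte) (key, sealed []byte, err error) {
	buf := make([]byte, 32+12) // random document key, then a 96-bit GCM nonce
	if _, err = rand.Read(buf); err != nil {
		return nil, nil, err
	}
	key, nonce := buf[:32], buf[32:]
	block, _ := aes.NewCipher(key) // cannot fail: the key is exactly 32 bytes
	aead, _ := cipher.NewGCM(block)
	return key, aead.Seal(nonce, nonce, doc, nil), nil // nonce || ciphertext || tag
}

// WrapKey is step 2: the small document key is encrypted to one receiver's public key.
func WrapKey(key []byte, pub *rsa.PublicKey) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
}

// Open is the receiver side: unwrap the key with the private key, then decrypt.
func Open(priv *rsa.PrivateKey, wrapped, sealed []byte) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
	if err != nil || len(key) != 32 || len(sealed) < 12 {
		return nil, fmt.Errorf("not a receiver of this document, or malformed input")
	}
	block, _ := aes.NewCipher(key)
	aead, _ := cipher.NewGCM(block)
	return aead.Open(nil, sealed[:12], sealed[12:], nil) // errors if tampered with
}

func main() {
	alice, _ := NewReceiver()
	key, sealed, _ := EncryptDocument([]byte("constructed sample document"))
	wrapped, _ := WrapKey(key, &alice.PublicKey) // repeat per receiver; sealed is reused
	doc, err := Open(alice, wrapped, sealed)
	fmt.Printf("%d-byte wrapped key, recovered %q, err=%v\n", len(wrapped), doc, err)
}
```

Adding a receiver later only needs another WrapKey call by a party that holds the document key; the published ciphertext stays unchanged.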