Encryption Scenario and Recommended Practice

We are trying to develop a system that can control end-user decryption without the ability to decrypt the data if we hold it. The end user can encrypt/decrypt when we send them our key in conjunction with their key.

Or (we are Bob below)

• Alice generates two keys. One for her, the other for Bob.
• Assume Alice will have Bob's key only when needed (controlled operations).
• Alice encrypts a 开发者_Go百科blob using her own and Bob's key.
• Bob's key alone can not decrypt Alice's blob.
• Alice's key alone cannot decrypt her own blob.
• Eve has access to Alice's key and blob. Eve cannot decrypt Alice's blob.

Which crypto system, if any, does this scenario portray? To me it is Diffie-Hellman, except the first step, Alice generates two keys.

Does such a system exist or can you recommend a best practice for this scenario? TYIA

You're probably looking for Secret Sharing schemes, which make it possible to require t of n users operations. (In this case, 2 of 2.)

An excellent reference is the Handbook of Applied Cryptography, Section 12.7 Secret sharing.