In cloud-based environments the data is managed by a third party. This raises several security, confidentiality, moral and legal questions, and most importantly: how can such a third party prove to the data owner that only authorized persons can access the stored information? Client-side encryption is a good solution for that, but it is not enough. Authentication of users and the establishment of trust relationships in an untrusted environment are some of the challenges that need to be solved for real cryptography-based permission management. In this thesis I show a conceptual extension of Tresorit for read and write permission management, taking into account that end users can have insecure mobile devices. My design is based on standard X.509 public key certificates and an extended version of attribute certificates. I also introduce protocols and solutions for authentication, certificate exchange, mass-signature of files, users' own private key management, and new administration concepts in the cloud based on Active Directory.