top | item 44030224

(no title)

wim | 9 months ago

The workspace data is encrypted with a (symmetric) workspace key. Each user gets hteir own encrypted copy of that key, using the user's public key. By wrapping the data-encryption key for each user the content is only encrypted once but each authorized user can decrypt it.

discuss

I_am_tiberius|9 months ago

Ah ok. I guess that means when a user leaves the team, you have to re-encrypt the codebase with a new symetric key (as the user would still know the old symetric key)?

wim|9 months ago

Depending on the threat model you want to protect against, yes. For example, although a revoked user doesn't have direct access to data anymore, they could technically collude with us to get future encrypted messages and then decrypt them. At the moment rekeying is only possible by exporting a workspace, changing its key (with a command line tool), and then reimporting it.