Functionality for re-encrypting unlock (decryption) methods during user key rotation. During key-rotation, a new user-key is sampled. The unlock module then creates a set of newly encrypted copies, one for each decryption/unlock method.
Structs
- ParsingError 🔒
- ReencryptUnlockInput 🔒 - Input data for re-encrypting unlock methods during user key rotation.
- V1EmergencyAccessMembership - The data necessary to re-share the user-key to a V1 emergency access membership. Note: The Public-key must be verified/trusted. Further, there is no sender authentication possible here.
- V1OrganizationMembership - The data necessary to re-share the user-key to a V1 organization membership. Note: The Public-key must be verified/trusted. Further, there is no sender authentication possible here.
Enums
- MasterkeyUnlockMethod 🔒 - The unlock method that uses the master-key field on the user's account. This can be either the master password, or the key-connector. For TDE users without a master password, this field is empty.
- ReencryptError 🔒
Functions
- reencrypt_emergency_access_keys 🔒 - Re-encrypt emergency access keys for the new user key.
- reencrypt_organization_memberships 🔒 - Re-encrypt organization membership keys for the new user key.
- reencrypt_passkey_credentials 🔒 - Re-encrypt passkey (WebAuthn PRF) credentials for the new user key.
- reencrypt_tde_devices 🔒 - Re-encrypt TDE device keys for the new user key.
- reencrypt_unlock 🔒 - Update the unlock methods for the updated user-key.
- reencrypt_userkey_for_masterpassword_unlock 🔒
- to_authentication_and_unlock_data 🔒