Organization Data Sharing

One of the purposes of creating Organizations in Locker is to share data with group members. This feature is especially useful for organizations and groups that need to share passwords and other confidential data with each other securely. Locker accomplishes this with widely recognized key exchange models and data encryption algorithms.

In the Organization Initialization section, we learned that data in the organization’s Vault is encrypted with AES-256-CBC using the Org Symmetric Key, and that this key is itself encrypted and stored in the Owner’s Vault. For another member of the Organization to read the encrypted Org Vault Item data, they need the Org Symmetric Key to decrypt it. The data sharing problem therefore becomes a key exchange problem: how to pass the Org Symmetric Key from the Owner to the Member. The RSA encryption algorithm solves this problem.

The diagram below describes the process of transferring the Org Symmetric Key from the Owner to a Member. Note that the Owner’s Org Symmetric Key has already been decrypted after being retrieved from the database; refer to the decryption process in the Organization Initialization section.

[Diagram: Org Symmetric Key transfer]

After obtaining the Org Symmetric Key, encrypting and decrypting data within the Organization works the same way as for individual users.

[Diagram: Org Vault Item encryption]
[Diagram: Org Vault Item decryption]
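The transfer flow described above, written out as an added Go example (not Locker's own code): the Owner wraps the already-decrypted Org Symmetric Key with the Member's RSA public key, the Member unwraps it with their private key, and then decrypts an Org Vault Item with AES-256-CBC. The page names only RSA and AES-256-CBC; RSA-OAEP with SHA-256, a 2048-bit member key, and the IV-prefixed, PKCS#7-padded item layout are assumptions made here.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)
// NewMemberKeyPair: each Member holds an RSA key pair; the private half never leaves their device.
func NewMemberKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }
// WrapOrgKey (Owner side): encrypt the decrypted Org Symmetric Key with the Member's public key (OAEP assumed).
func WrapOrgKey(memberPub *rsa.PublicKey, orgKey []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, memberPub, orgKey, nil)
}
// UnwrapOrgKey (Member side): recover the Org Symmetric Key with the Member's private key.
func UnwrapOrgKey(memberPriv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, memberPriv, wrapped, nil)
}
// EncryptVaultItem: AES-256-CBC, random IV prepended, PKCS#7 padding (this layout is assumed).
func EncryptVaultItem(orgKey, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(orgKey) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	pad := aes.BlockSize - len(plaintext)%aes.BlockSize
	padded := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	out := make([]byte, aes.BlockSize+len(padded))
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil { // fresh IV for every item
		return nil, err
	}
	cipher.NewCBCEncrypter(block, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], padded)
	return out, nil
}
// DecryptVaultItem reverses EncryptVaultItem and rejects a bad key, a bad length or bad padding.
func DecryptVaultItem(orgKey, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(orgKey)
	if err != nil || len(blob) < 2*aes.BlockSize || len(blob)%aes.BlockSize != 0 {
		return nil, errors.New("bad key or malformed ciphertext")
	}
	pt := make([]byte, len(blob)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, blob[:aes.BlockSize]).CryptBlocks(pt, blob[aes.BlockSize:])
	pad := int(pt[len(pt)-1])
	if pad == 0 || pad > aes.BlockSize || !bytes.Equal(pt[len(pt)-pad:], bytes.Repeat([]byte{byte(pad)}, pad)) {
		return nil, errors.New("bad padding")
	}
	return pt[:len(pt)-pad], nil
}
```

CBC on its own provides confidentiality but no integrity, so a deployment also needs a MAC over the IV and ciphertext, which this example omits.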