One purpose of Organization Initialization in Locker is to share data among group members. This feature is especially useful for organizations and groups of people that want to securely share passwords and other confidential data. Locker implements this through key sharing algorithms and models as well as data encryption algorithms that are widely acknowledged to be reliable and safe.

As specified in the Organization Initialization, data in the Organization Vault is encrypted using the AES-256-CBC Encryption algorithm with the Org Symmetric Key. This key is encrypted and stored in the organization owner’s Vault. In order for a member to access and read the encrypted Org Vault Item, that member needs the Org Symmetric Key to decrypt the data. Essentially, the problem of data sharing now becomes the problem of Org Symmetric Key exchange between the organization owner and each group member. RSA Encryption can help us solve this problem.

The diagram below depicts the process of Org Symmetric Key transfer from the organization owner to a team member. It should be noted that the organization owner’s Org Symmetric Key has been successfully decrypted after being retrieved from the database. Further details about decryption are available at Organization Initialization.

After the Org Symmetric Key is obtained, data encryption and decryption in the Organization occur in a similar way to an individual user's Encryption and Decryption.

Data encryption in Organizations

 

Data decryption in Organizations