Comment by wim
8 hours ago
The workspace data is encrypted with a (symmetric) workspace key. Each user gets hteir own encrypted copy of that key, using the user's public key. By wrapping the data-encryption key for each user the content is only encrypted once but each authorized user can decrypt it.
Ah ok. I guess that means when a user leaves the team, you have to re-encrypt the codebase with a new symetric key (as the user would still know the old symetric key)?
Depending on the threat model you want to protect against, yes. For example, although a revoked user doesn't have direct access to data anymore, they could technically collude with us to get future encrypted messages and then decrypt them. At the moment rekeying is only possible by exporting a workspace, changing its key (with a command line tool), and then reimporting it.
I didn't want to sidetrack you with this. I just wanted to know if I understood correctly. I believe this is nothing you need to worry about at this time. Thanks.