PrivMX DOCS
Version 2.5/Kvdbs

Encryption

Encryption in KVDBs

Each entry is protected by a symmetric key, which is in turn secured using an asymmetric pair of public and private user keys. This dual-layer encryption ensures that the system remains both safe and efficient.

Encryption Scenario

Only an end user can create a KVDB, by providing a set of public keys for the users who should have access to the KVDB.

A symmetric key for the KVDB (the KVDB Encryption Key) is then generated by the KVDB author and securely stored on the server, encrypted using the public keys of the users assigned to the KVDB. This ensures that only the authorized users have access to the KVDB Encryption Key. Unencrypted keys never leave User Endpoints.

When accessing a KVDB, the encrypted KVDB Encryption Key is sent to each user based on their assignment to the KVDB. Only the users with the proper Private Keys can decrypt the KVDB Encryption Key. Using the decrypted key, entries are encrypted and signed with the users’ Private Keys before being sent to PrivMX Bridge.

This process is handled by PrivMX Endpoint and is completely seamless for the users.
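
The scenario above, sketched as an added example with Node.js built-ins; this is not PrivMX Endpoint code and does not use the PrivMX API. The primitives are stand-in assumptions (RSA-OAEP to wrap the KVDB Encryption Key, AES-256-GCM for entries, Ed25519 for signatures), and all function and field names are hypothetical.

```javascript
// Added illustration of the scenario above; NOT PrivMX Endpoint code.
// Assumed stand-in primitives: RSA-OAEP (key wrapping), AES-256-GCM (entries),
// Ed25519 (signatures). All names below are hypothetical.
const nodeCrypto = require('node:crypto');

// Each user holds an encryption key pair and a signing key pair (constructed sample users).
const newUser = () => ({
  enc: nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 }),
  sig: nodeCrypto.generateKeyPairSync('ed25519'),
});

// Author side: generate the KVDB key and wrap one copy per assigned public key.
function createKvdb(assigned) {
  const kvdbKey = nodeCrypto.randomBytes(32);
  const wrapped = {};
  for (const [id, pub] of Object.entries(assigned)) {
    wrapped[id] = nodeCrypto.publicEncrypt({ key: pub, oaepHash: 'sha256' }, kvdbKey);
  }
  return { kvdbKey, server: { wrapped } }; // the server only ever stores wrapped copies
}

// User side: only the matching private key recovers the KVDB key.
const unwrapKey = (server, id, user) =>
  nodeCrypto.privateDecrypt({ key: user.enc.privateKey, oaepHash: 'sha256' }, server.wrapped[id]);

// Encrypt an entry under the KVDB key, then sign the ciphertext with the writer's key.
function sealEntry(kvdbKey, user, entryKey, value) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', kvdbKey, iv);
  c.setAAD(Buffer.from(entryKey)); // bind the ciphertext to its entry key
  const ct = Buffer.concat([c.update(value, 'utf8'), c.final()]);
  const body = Buffer.concat([iv, c.getAuthTag(), ct]);
  return { entryKey, body, sig: nodeCrypto.sign(null, body, user.sig.privateKey) };
}

// Reader side: check the writer's signature before decrypting.
function openEntry(kvdbKey, writerSigPub, e) {
  if (!nodeCrypto.verify(null, e.body, writerSigPub, e.sig)) throw new Error('bad signature');
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', kvdbKey, e.body.subarray(0, 12));
  d.setAAD(Buffer.from(e.entryKey));
  d.setAuthTag(e.body.subarray(12, 28));
  return Buffer.concat([d.update(e.body.subarray(28)), d.final()]).toString('utf8');
}
```

A user who was not assigned to the KVDB has no wrapped copy on the server, and a wrapped copy cannot be opened with a different private key.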
