Question about symmetric key encryption
Hi, I was reading the 1password design document and I have a question. As I understand, all my items in a single vault are encrypted with the same symmetric key that's created by my own device when I create a vault. And this key will be used to encrypt all the items I add to that vault. If I'm using 1password on the web, where would this key be stored? Also, what happen if I delete this key?
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Comments
-
@Kevin234234 A public/private key pair is created on your device when your account is created. If you have access to a vault then a copy of the vault's symmetric key is encrypted with your public key and saved in your account. Your private key is encrypted with the key encryption key and saved in your account.
The webapp operates in the same way as the other apps. The main difference is that the software is downloaded on the fly each time you access the 1Password website. After a successful web login, your browser receives an encrypted copy of your database and associated encrypted keys. Your account password and Secret Key are used to derive your key encryption key. This is used to decrypt your private key which in turn is used to decypt your vault keys.
As far as I know, you cannot delete any 1Password keys. If your account password or Secret Key are compromised then you can change them. However, you cannot delete or rotate the underlying keys.
0 -
Hey @Kevin234234:
@rootzero mentioned everything I would have (thanks for the assist! 😎). In short, the symmetric key you're referring to isn't directly visible to you, so there's no need to worry about inadvertently deleting it. Let me know if that clears everything up, or if you still have questions!
Jack
0