How are shared vaults encrypted? How is sharing possible if you don't know my password or key?

shirabatya
shirabatya
Community Member

I was shocked that when I invited my husband to be a family member on onepassword, I did not need to show him the key.
Rather, onepassword generated him his own key and then asked him to create a password.

How is this possible if only I know my key? Surely a family member cannot join without being given the key by myself and no one other than myself.

I am now worried that the passwords in shared vaults are not secure. How did that data et unencrypted by him without the key that only I know? was the key emailed to him? If so, how? by whom?

Very worried here.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hello @shirabatya,

    So the best place to start is by first understanding that a lot of complexity is hidden under the surface. When you sign up an account key is generated for you and you supply a Master Password but this is just the very first layer of encryption. These two pieces of information directly encrypt everything but instead encrypt access to a set of keys. I want to try avoiding too much detail at this stage but there are reasons for this and it all comes down to mathematics. The first set of keys are asymmetric and this is important. It's like how PGP for encrypting emails to other people works. There's the public key that is expected to be freely distributed and there's the private key which is kept safe. The key feature is the public key can be used to encrypt data that only the private key can decrypt.

    So you invited your husband to be an additional member of your 1Password Families account and they signed up. When they signed up a unique account key was generated for them and they supplied a Master Password. These were used to create the public and private keys. You were then required to approve the account which you can only do when you're signed in via the web interface. By approving the account you authorised the system to encrypt the shared vault key (which you have access to) using the public key for your husband. When he logs in he can decrypt this and gain access to the shared vault all without us having ever having any access to the keys in an unencrypted state.

    So your account key is personal to you just as your Master Password is. Neither is known by us and the system doesn't need either to share access to a vault. Instead it's the use of the public keys that allow you to safely share access between members connected to the account that allow this feature but still keeping us at arms length from your data.

    We discuss this and much more in a lot of detail in a white paper available on our security page at 1Password.com. It's not a light read and cryptography is not an easy subject but if you're interested it goes into a lot of detail so that people can feel reassured about how it works and the lengths we've gone to ensure we cannot access anything.

This discussion has been closed.