K_N) and sends the public key to the backend, which stores it together with the node ID. The private key K_N never leaves the node. The purpose of the node keys is only to facilitate the secure distribution of the organization private key to the nodes.
K is only presented locally in the user's browser so that the user can save it somewhere secure. It is shown only once and, if lost, cannot be recovered. The public key PubK is sent to the backend to be stored there in the organization profile.
K into the browser. The application will download the public keys PubK_N of the nodes participating in the distribution and encrypt K locally with n different PubK_N, thus resulting in n different messages enc(K, PubK_N). Those messages will be sent to the backend, which will cache them and forward them to the corresponding nodes.
enc(K, PubK_N) will be decrypted with this node's private key K_N and the resulting organization key K will be stored in the part of RAM that belongs to the weeve agent. This way the organization's private key K is never stored in plaintext either on nodes or in the backend.
K (e.g. in case of a restart), it can request the cached message enc(K, PubK_N) to be delivered again.
K is compromised, the user can generate a new one and repeat the distribution procedure.
PubK from the backend and encrypts the secret value V with this public key in the browser, creating enc(V, PubK). The encrypted value is then sent to the backend, where it is stored together with its label to be used in edge apps' manifests.
enc(V, PubK) according to the labels in the manifest.
K from RAM to decrypt enc(V, PubK) and provide the plaintext value V to the edge app. The value V will also only be stored in RAM and handled according to the edge app's logic.
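
The distribution of K and of a secret V described above, simulated end to end as an added example (not weeve's own code). The page does not name the algorithms, so enc(m, Pub) is assumed here to be RSA-OAEP wrapping a one-time AES-256-GCM key; simulate, the backend object layout and the node IDs, label and value passed to it are constructed for illustration.

```javascript
// Assumption: enc(m, Pub) = RSA-OAEP(SHA-256) wrapping a one-time AES-256-GCM key.
// The page does not say which algorithms weeve uses; all names here are hypothetical.
const crypto = require("node:crypto");

const newKeyPair = () => crypto.generateKeyPairSync("rsa", {
  modulusLength: 2048,
  publicKeyEncoding: { type: "spki", format: "pem" },
  privateKeyEncoding: { type: "pkcs8", format: "pem" },
});

// Hybrid encryption, because K (a PEM private key) is larger than one RSA-OAEP block.
function enc(plaintext, pubPem) {
  const aesKey = crypto.randomBytes(32), iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", aesKey, iv);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: pubPem, oaepHash: "sha256" }, aesKey);
  return { wrappedKey, iv, tag: c.getAuthTag(), body };
}

function dec(msg, privPem) {
  const aesKey = crypto.privateDecrypt({ key: privPem, oaepHash: "sha256" }, msg.wrappedKey);
  const d = crypto.createDecipheriv("aes-256-gcm", aesKey, msg.iv);
  d.setAuthTag(msg.tag); // final() throws if the message was altered in transit
  return Buffer.concat([d.update(msg.body), d.final()]);
}

function simulate(nodeIds, label, V) {
  const backend = { nodePub: {}, orgPub: null, keyCache: {}, secrets: {} };
  const nodes = {};
  for (const id of nodeIds) {            // node: generate (PubK_N, K_N)
    const kp = newKeyPair();
    nodes[id] = { K_N: kp.privateKey, ram: {} };
    backend.nodePub[id] = kp.publicKey;  // only PubK_N is uploaded
  }
  const org = newKeyPair();              // browser: generate (PubK, K)
  backend.orgPub = org.publicKey;        // only PubK is uploaded
  for (const id of nodeIds)              // browser: one enc(K, PubK_N) per node
    backend.keyCache[id] = enc(Buffer.from(org.privateKey), backend.nodePub[id]);
  backend.secrets[label] = enc(Buffer.from(V), backend.orgPub); // enc(V, PubK)
  for (const id of nodeIds) {            // node: recover K, then V, in RAM only
    nodes[id].ram.K = dec(backend.keyCache[id], nodes[id].K_N).toString();
    nodes[id].ram.V = dec(backend.secrets[label], nodes[id].ram.K).toString();
  }
  return { backend, nodes, K: org.privateKey };
}
```

The backend object ends up holding only PubK_N, PubK, the cached enc(K, PubK_N) messages and enc(V, PubK); a node that restarts can rerun the last loop against the cached message to recover K.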