encKeyName property
The name of the key used to encrypt the AtValue
- If not provided, use sharedKeyEnc in this metaData.
- If sharedKeyEnc is not provided in this metadata, use the default shared key.
For example, if this is @bob and the data was shared by @alice, then @bob will use
the key at @bob:shared_key@alice
- When encKeyName is provided, just the key name must be provided - neither the visibility prefix
nor the sharedBy suffix should be included. For example @alice might choose to encrypt some data
to share with bob at @bob:some_data.wavi@alice, using the shared key they have shared at
@bob:key_12345.__shared_keys.wavi@alice. The encKeyName in this case must be provided as
key_12345.__shared_keys.wavi
- Note: The same scheme holds for data encrypted by @bob for @bob's own use. In this case we don't call it a "shared" key but instead we call it a "self" encryption key.
- Note that the legacy default self encryption key is not stored in the keyStore but is kept in the set of keys held by applications.
- In future we will (1) store the self encryption key in the keyStore, encrypted with one of
our encryption public keys, and (2) allow creation of many 'self' encryption keys and store them
in an application namespace. For example @bob might create a self encryption key at
key_54321.__self_keys.wavi@bob; if used to encrypt some data for self, then the encKeyName
would be set to key_54321.__self_keys.wavi since the sharedBy of the encrypting key will be
the same as the sharedBy of the encrypted key.
Implementation
String? encKeyName;
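
The lookup order and the bare-name rule described above, as an added Dart example that is not code from the library. resolveEncryptionKey, KeySource and ResolvedKey are hypothetical names; rejecting '@' and ':' assumes a bare key name never contains those characters, and only the shared-key case (not the self-key case) is covered.

```dart
// Added illustration: these names are hypothetical, not part of the library.
enum KeySource { namedKey, metadataSharedKeyEnc, defaultSharedKey }

class ResolvedKey {
  final KeySource source;
  // Address to look the key up at; null when sharedKeyEnc from the
  // metadata is used instead of a stored key.
  final String? address;
  const ResolvedKey(this.source, this.address);

  @override
  String toString() => '${source.name}: ${address ?? "(from metadata)"}';
}

ResolvedKey resolveEncryptionKey({
  required String currentAtSign, // the reader, e.g. '@bob'
  required String sharedBy, // the sharer, e.g. '@alice'
  String? encKeyName,
  String? sharedKeyEnc,
}) {
  if (encKeyName != null) {
    // Assumption: a bare key name never contains '@' or ':', so either
    // character means a visibility prefix or sharedBy suffix slipped in.
    if (encKeyName.isEmpty || encKeyName.contains(RegExp('[@:]'))) {
      throw ArgumentError.value(encKeyName, 'encKeyName',
          'must be the key name only, without prefix or sharedBy suffix');
    }
    return ResolvedKey(
        KeySource.namedKey, '$currentAtSign:$encKeyName$sharedBy');
  }
  if (sharedKeyEnc != null) {
    return const ResolvedKey(KeySource.metadataSharedKeyEnc, null);
  }
  return ResolvedKey(
      KeySource.defaultSharedKey, '$currentAtSign:shared_key$sharedBy');
}

void main() {
  print(resolveEncryptionKey(currentAtSign: '@bob', sharedBy: '@alice',
      encKeyName: 'key_12345.__shared_keys.wavi'));
  print(resolveEncryptionKey(currentAtSign: '@bob', sharedBy: '@alice'));
  try {
    resolveEncryptionKey(currentAtSign: '@bob', sharedBy: '@alice',
        encKeyName: '@bob:key_12345.__shared_keys.wavi@alice');
  } on ArgumentError catch (e) {
    print('rejected: ${e.message}');
  }
}
```

Rejecting a fully qualified name up front keeps a malformed encKeyName from silently resolving to an address other than the intended key.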