Enterprise keys are public-private key pairs in which the private key is split (“sharded”) between a Confidencial Key Server (CKS) hosted in the enterprise’s infrastructure and Confidencial’s cloud infrastructure. Using a CKS and enterprise keys offers end-to-end security: the enterprise’s data is not compromised even if either the enterprise’s CKS or Confidencial’s servers are compromised. Putting the data at risk would require compromising both infrastructures and also obtaining the encrypted documents. When a CKS is used, Confidencial does not store any wholly assembled private keys belonging to the enterprise. The public keys associated with these private keys are stored in Confidencial’s Public Key Registry, but public keys are, by their nature, intended to be widely distributed, and their exposure poses no security risk.
Content encrypted exclusively for members of an organization with a CKS is protected in an end-to-end secure manner. However, content that includes recipients with a Confidencial individual account, while still secure, is not protected in the same way, as Confidencial individual accounts use Cloud-stored keys or Device-stored keys.
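The split-key property described in the first paragraph can be illustrated with a 2-of-2 additive sharing of an RSA private exponent, where each server produces a partial decryption and the full key is never reassembled. This is an added example, not Confidencial's code: the page does not state which sharding scheme the product uses, so the scheme, the function names and the toy parameters below are all assumptions.

```python
# Added illustration: 2-of-2 additive sharing of an RSA private exponent.
# The scheme and all names are assumptions, not Confidencial's actual design.
import secrets

# Constructed toy key built from two Mersenne primes (far too small for real use).
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
PHI = (P - 1) * (Q - 1)
E = 65537
D = pow(E, -1, PHI)  # full private exponent; exists only during key generation


def shard_private_exponent(d, phi):
    """Split d into two shares such that d == (cks + cloud) mod phi."""
    cks_share = secrets.randbelow(phi)       # uniformly random, reveals nothing about d
    cloud_share = (d - cks_share) % phi      # also uniformly random on its own
    return cks_share, cloud_share


def partial_decrypt(ciphertext, share):
    """Run by one server, using only the share that server holds."""
    return pow(ciphertext, share, N)


def combine(partial_a, partial_b):
    """Run by the recipient: multiply both partial results to get the plaintext."""
    return (partial_a * partial_b) % N


def demo():
    cks_share, cloud_share = shard_private_exponent(D, PHI)
    message = 424242  # constructed sample plaintext; must be smaller than N
    ciphertext = pow(message, E, N)
    from_cks = partial_decrypt(ciphertext, cks_share)      # enterprise side
    from_cloud = partial_decrypt(ciphertext, cloud_share)  # cloud side
    return {
        "message": message,
        "recovered": combine(from_cks, from_cloud),
        "cks_only": from_cks,      # useless without the other partial
        "cloud_only": from_cloud,  # useless without the other partial
    }


if __name__ == "__main__":
    print(demo())
```

Each share is a uniformly random value on its own, so an attacker who compromises only one server learns nothing about the private exponent and still needs the other server's partial result as well as the ciphertext.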