Cloud-stored keys
Last updated
Cloud-stored keys are public-private key pairs used by Confidencial. The public key of the pair is stored in the The private key is split into multiple parts, called “shards,” with each shard stored in a different physical (and virtual) location. This increases the security of the private key: if any one shard storage location is compromised, it poses no security threat to content protected with that key, because multiple shards of the private key are required to decrypt the content.
What this means is that an attacker would have to compromise Confidencial’s backend infrastructure AND a third party’s backend infrastructure AND your chosen document store - whether that is the cloud, your organization’s internal network, or your computer - to gain access to your Confidencial-protected data.
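As an added illustration of why a single compromised shard store is not enough, the following is Shamir secret sharing over a prime field; this is example code, not Confidencial's own implementation, and the page does not say which splitting scheme Confidencial uses. The field prime, the shard count and the threshold are assumptions; the "secret" stands in for private key material.

```python
import secrets

# Assumed field prime (a Mersenne prime); the secret must be smaller than it.
PRIME = 2**127 - 1


def _eval_poly(coeffs, x):
    """Evaluate a0 + a1*x + a2*x^2 + ... at x, modulo PRIME (Horner's rule)."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % PRIME
    return result


def split_secret(secret, n, k):
    """Split `secret` into n shards so that any k reconstruct it.

    The secret is the constant term of a random degree-(k-1) polynomial;
    shard i is the point (i, f(i)). Fewer than k points leave the constant
    term uniformly distributed, so one stolen shard reveals nothing.
    """
    if not 0 <= secret < PRIME:
        raise ValueError("secret out of field range")
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def reconstruct_secret(shards):
    """Lagrange interpolation at x = 0 over the given shards.

    With at least k distinct shards this returns the secret. With fewer it
    still returns a field element, but one unrelated to the secret.
    """
    total = 0
    for i, (xi, yi) in enumerate(shards):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shards):
            if i != j:
                num = (num * (-xj)) % PRIME
                den = (den * (xi - xj)) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


if __name__ == "__main__":
    # Model: one shard at Confidencial, one at a third party, both required.
    key_material = secrets.randbelow(PRIME)  # constructed stand-in for a private key
    shards = split_secret(key_material, n=2, k=2)
    print("both shards:", reconstruct_secret(shards) == key_material)
    print("one shard:  ", reconstruct_secret(shards[:1]) == key_material)
```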
Individual account users can also opt to store their private key themselves if they do not wish to use a cloud-stored key. See .