Hacker News new | ask | show | jobs
by coderzach 4139 days ago
How are keys shared between users?
2 comments
woloski 4139 days ago
The encryption keys are on the server. We encourage you to deploy your own sharelock instance. We made that super easy with Heroku for instance (https://dashboard.heroku.com/new?template=https%3A%2F%2Fgith...). There is no storage, just a node app. And then you can configure the apps to use the sharelock instance. More about it: https://github.com/auth0/sharelock#host-your-own-sharelock-s...
link
sharvil 4139 days ago
Keys live on Sharelock server [1]

  Secrets are signed with HMAC SHA256 and encrypted with AES 256 CTR using keys that live on the Sharelock server
[1] https://sharelock.io/security
link
SpaceInvader 4139 days ago
So one have to trust sharelock. That's not very convincing, unfortunately.
link
woloski 4139 days ago
Read my response above.
link