
Client Document Upload

When uploading a document, the user's client stores a file key in the encrypted file index, chunks the file (explained below) and encrypts the chunks with the file key.

Encrypted search

  1. The underlying encrypted search implementation parses the document structure (depending on the file format, e.g. JSON, XML, etc.).

  2. It creates a list of the keywords that were found in the file. This is the search index for this file.

  3. The search index is encrypted with the encrypted search key. The result is the encrypted index.

Chunking

  1. The document is split into chunks. No chunk may exceed 1 MiB; this limit is set by the Confidential Storage specification.

  2. Each chunk is individually encrypted with authenticated encryption using a file key.

  3. An index (Resource Structure) is created so that the file can later be recreated from the individual chunks. It is then encrypted, becoming the encrypted chunk index (Encrypted Resource Structure).
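The chunking steps above, sketched as an added Go example (not Storage Kit code and not from the original page). It assumes AES-GCM as the authenticated cipher, applies the 1 MiB limit to the stored chunk including nonce and tag, and binds each chunk's position as associated data; the function names are hypothetical and the ordered slice stands in for the Resource Structure.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

const MaxChunk = 1 << 20 // 1 MiB per-chunk limit stated above

// EncryptChunks returns nonce||ciphertext||tag per chunk. The chunk position is
// associated data, so a swapped or reordered chunk fails authentication.
func EncryptChunks(aead cipher.AEAD, doc []byte) (out [][]byte, err error) {
	step := MaxChunk - aead.NonceSize() - aead.Overhead() // assumption: limit covers the stored chunk
	for i := 0; i*step < len(doc); i++ {
		end := (i + 1) * step
		if end > len(doc) {
			end = len(doc)
		}
		nonce := make([]byte, aead.NonceSize()) // fresh random nonce for every chunk
		if _, err = rand.Read(nonce); err != nil {
			return nil, err
		}
		out = append(out, aead.Seal(nonce, nonce, doc[i*step:end], []byte(fmt.Sprint(i))))
	}
	return out, nil
}

// DecryptChunks opens chunks in index order and reassembles the document.
func DecryptChunks(aead cipher.AEAD, chunks [][]byte) (doc []byte, err error) {
	n := aead.NonceSize()
	for i, c := range chunks {
		if len(c) < n || len(c) > MaxChunk {
			return nil, fmt.Errorf("chunk %d: invalid length %d", i, len(c))
		}
		if doc, err = aead.Open(doc, c[:n], c[n:], []byte(fmt.Sprint(i))); err != nil {
			return nil, fmt.Errorf("chunk %d: %w", i, err)
		}
	}
	return doc, nil
}

func main() {
	block, _ := aes.NewCipher(make([]byte, 32)) // constructed all-zero demo key, cannot fail at this length
	aead, _ := cipher.NewGCM(block)
	chunks, err := EncryptChunks(aead, make([]byte, 3<<20)) // constructed 3 MiB document
	fmt.Println(len(chunks), "chunks, error:", err)
}
```

Because the tag covers the position, a storage server that returns chunks in a different order, or substitutes one chunk for another from the same file, is detected at decryption time instead of producing a silently corrupted document.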

Chunk transmission to the EDV

  1. The encrypted chunks are sent to the EDV, with each request individually authorized using ZCaps.

  2. The encrypted chunk index and encrypted search index are stored in the EDV (each also authorized using ZCap capability invocations).


Last updated 3 years ago
