Skip to main content

Share

What is the Blue Share Symbol Showing in Front of Vault Files and Directories?

The Share symbol indicates that the file or directory is being shared with one or more users. You can view all your shared files and directories in the Shared by Me folder in the left panel.

Why can I not Share a Resource as an Admin?

1. You do not have the resource key for that specific resource.

Unless the file's creator shares the correct resource key with you, you will not be able to access the resource.

2. You do not have the appropriate permissions in your user profile.

Your Super-admin must enable the following permissions for you:

  • . Basic Vault Interaction
    • . Share own files
  • . Basic VM Interaction
    • View drive keys (necessary to share/attach)
    • Share drives
    • View own VM configs and configs shared with them
    • View own VMs and VMs shared with them
    • Connect to own VMs and VMs shared with them
    • Share VMs with other users
note

Every resource is protected by its own resource key, which cannot be brute-forced in any way. Breaking a resource key would take as long as the universe's age, even with all the computational power available worldwide.

Permissions

As an admin, you can destroy keys, delete them, or reassign resource ownership. However, as an admin, you cannot grant another user access to a resource because you do not have access to the resource yourself. This is possible because resources are SHA 256 encrypted.

What is the Key Exchange Difference in tiCrypt Mechanism?

Traditional solutions perform key exchanges on servers, a highly risky approach from a security perspective. If an attacker compromises the server, all encrypted files can be decrypted and stolen.

In tiCrypt, the server never sees the resource key. The exchange occurs on the user's browser in under 0.1 milliseconds.

Who Decides which Users can Share a File?

According to the Effective Access principle in tiCrypt, the user determines file sharing through their public-private key pair, while the admin manages sharing via access-controlled permissions.

Sharing is a cryptographic key exchange that is only possible when the user has access to the resource key and the permission to share.

When sharing a resource which has its resource key:

  1. You only decrypt the resource key with your private key.
  2. You encrypt the resource key with the user's public key you share the resource with.

The two actions above take place simultaneously in tiCrypt.

Resource keys apply to all tiCrypt objects (Files, Groups, Drives, etc.). Keys restrict access to the drive. Only the resource owner can share the resource.

To Remember
  • Sharing is the intersection of who is allowed to share (access control) and who has the resource key (cryptographic).
  • Each resource is encrypted with randomly generated AES-256 keys.
  • Every resource has its own uniquely generated resource key made of the private key and public key of the user who created it.

What is the Step-by-Step Cryptographic Mechanism when Sharing a File in tiCrypt?

The creator of the file shares the file with you.

  1. The backend uses the private key of the user sharing the file to encrypt it.
  2. The backend combines your public key with the sharer's private key to generate a new resource key for you.
  3. The backend ensures that both users have sharing permissions enabled.
  4. The backend uses your private key to decrypt the new unique resource key, granting you access to the shared file.

You share the file with another user.

  1. The backend checks your private key to encrypt the file.
  2. The backend combines your private key with the recipient's public key to generate a new resource key for them.
  3. The backend verifies that you both have sharing permissions active.
  4. The backend uses the recipient's private key to decrypt the new unique resource key, granting them access to the shared file.
To Remember
  • The private key is never exposed in the backend, tiCrypt system, local machine, or browser.
  • Keys are stored in memory for the shortest time possible (under 0.1 milliseconds).
  • Files cannot be shared without your own public-private key pair.

How does my Private Key Helps me Receive a File?

note

You do not have to perform anything in the front end; the following process happens in the backend under 0.1ms automatically.

Receiving a file requires your fingerprint and your private key blended.

fingerprint + private key = digital signature

Once the sender's digital signature is sent to you, your public key is used to verify the user's digital signature you received.

info
  • You cannot perform anything in the system without your public key.
  • The public key is stored on the server.

What is the Cryptographic Sharing Difference between Vault and Virtual Machines?

In a Virtual Machine, users do not have a cryptographic sharing similar to the Vault because they use either Linux VMs or Windows VMs. Communication with the VMs is Cryptographic, while the drives and tunnels are encrypted.