Thank you for that comprehensive answer, Svante :-)
What had originally confused me was how an old password could be used to decrypt a file if the key pairs were being regenerated. However, I now understand that you retain the old key pair(s) so that if a user resets his password (and subsequently remembers his old one) he can still decrypt previously encrypted data. Depending upon how many times a user forgets his password, you may end up with a lot of key pairs on your servers!
I also wasn’t exactly clear on the difference between a password reset and a change, but I now believe this to mean:
- A password reset regenerates the key pairs
- A password change re-wraps the existing key pairs
Assuming that I’ve understood your answers (i.e. my summary above is correct), then the only question I’d like clarification on is this:
“Yes. New encryption operations will use AES-128, but otherwise it all keeps on working.”
If, as a premium user, I share an AES-256 encrypted file with a free user, will it still encrypt with AES-128 even though they’re sharing with a premium user?
Thanks again. ;-)