Forums Community What do you precisely keep on your servers and why ? Reply To: What do you precisely keep on your servers and why ?

#5720 Reply

Svante
Spectator

Hi Michel,

Jeremy points out the gist of the matter.

The “why” for most of the information should be obvious, but let’s expand on the encrypted private key. Just as Jeremy states, it’s serves as a backup should your device be lost or destroyed. More importantly, we use it keep it synchronized across devices so if you have two PC’s or a mobile phone, we’ll automatically download the private key to your device so you don’t need to keep track of it.

As to the security, Jeremy formulates it perfectly: “Having the key escrowed is no different to uploading an encrypted file to the cloud. If somebody can break into the encrypted private key then they could also break into the file without the private key. It makes no difference.

You’re mistaken when you say “another people need only my public key to decrypt what I’ve encrypted with my private key“. And it’s not a matter of opinon ;-)  Think about it. It doesn’t make sense. Your public key, is… public. Non-secret. If that was used to decrypt what you encrypted with your private key – where’s the security? It’s exactly the other way around.

It’s the public key that’s used when sharing with someone, but it’s the private key that is needed when someone shares a file key with you.

The public key of someone, perhaps yourself, gives anyone the capability to encrypt. But only the holder of the private key can decrypt that data. That’s why the private key is called private, because it’s private i.e. secret. It’s what enables you to decrypt something encrypted with your public, non-secret, key.