@leefnode.bsky.social
Thanks for this post! One question - don't the Tink keysets act like a master key for everything they encrypt?
So if a keyset is used to encrypt PII via envelope encryption (then stored in a DB) does the decrypter need access to the keyset? Does that grant decryption access to all data keys?
So if a keyset is used to encrypt PII via envelope encryption (then stored in a DB) does the decrypter need access to the keyset? Does that grant decryption access to all data keys?
December 15, 2024 at 6:00 AM
Thanks for this post! One question - don't the Tink keysets act like a master key for everything they encrypt?
So if a keyset is used to encrypt PII via envelope encryption (then stored in a DB) does the decrypter need access to the keyset? Does that grant decryption access to all data keys?
So if a keyset is used to encrypt PII via envelope encryption (then stored in a DB) does the decrypter need access to the keyset? Does that grant decryption access to all data keys?