When a Locker user initiates an Organization to share data, the following actions are performed:
- The Client generates an Org Symmetric Key for the Organization using a Cryptographically Secure Pseudorandom Number Generator (CSPRNG).
- The Org Symmetric Key is encrypted using the AES-256-CBC Encryption algorithm with the RSA Public Key saved upon user Account Registration.
- Organization data is then encrypted and decrypted by the AES-256-CBC Encryption algorithm with the Org Symmetric Key.
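The three steps above in Node.js, as an added example that is not Locker's own code. It assumes RSA-OAEP with SHA-256 for wrapping the Org Symmetric Key under the RSA Public Key (the page does not name the RSA padding), a 2048-bit key pair generated locally in place of the one from Account Registration, and hypothetical function names.

```javascript
const crypto = require('crypto');

// Stand-in for the RSA key pair created at Account Registration (constructed here).
function generateUserKeyPair() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Step 1: 256-bit Org Symmetric Key drawn from the CSPRNG.
function generateOrgKey() {
  return crypto.randomBytes(32);
}

// Step 2: wrap the Org Symmetric Key under the user's RSA Public Key.
// Assumption: RSA-OAEP with SHA-256; the page does not name the padding.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

function wrapOrgKey(orgKey, publicKey) {
  return crypto.publicEncrypt({ key: publicKey, ...OAEP }, orgKey);
}

function unwrapOrgKey(wrapped, privateKey) {
  return crypto.privateDecrypt({ key: privateKey, ...OAEP }, wrapped);
}

// Step 3: AES-256-CBC with the Org Symmetric Key and a fresh random IV per item.
// CBC on its own gives confidentiality only; it does not detect tampering.
function encryptItem(orgKey, plaintext) {
  const iv = crypto.randomBytes(16);
  const cipher = crypto.createCipheriv('aes-256-cbc', orgKey, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, ct };
}

function decryptItem(orgKey, { iv, ct }) {
  const decipher = crypto.createDecipheriv('aes-256-cbc', orgKey, iv);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Full flow: only the wrapped key and the ciphertext would be stored;
// the item is read back with the key recovered via the RSA private key.
function roundTrip(item) {
  const { publicKey, privateKey } = generateUserKeyPair();
  const orgKey = generateOrgKey();
  const wrapped = wrapOrgKey(orgKey, publicKey);
  const stored = encryptItem(orgKey, item);
  const recovered = unwrapOrgKey(wrapped, privateKey);
  return { wrappedLength: wrapped.length, item: decryptItem(recovered, stored) };
}
```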
The following diagram illustrates the Org Symmetric Key generation and storage.
The diagram below details the data encryption flow of Org Vault Item in an Organization.