diff --git a/app/learn/concepts/encryption-key/storj-vs-user-managed-encryption/page.md b/app/learn/concepts/encryption-key/storj-vs-user-managed-encryption/page.md index 0ca3a6c6f..43fadcd7e 100644 --- a/app/learn/concepts/encryption-key/storj-vs-user-managed-encryption/page.md +++ b/app/learn/concepts/encryption-key/storj-vs-user-managed-encryption/page.md @@ -12,7 +12,7 @@ When creating a new Storj project, users are able to select between "Storj Manag This page is intended to explain the difference between the two options, so that users can be better informed about which project encryption option is better suited to their use-case. -## Brief Overivew +## Overivew **Storj Managed Encryption** is best suited to: * users who want a streamlined web browser experience, similar to other cloud storage providers 
@@ -22,24 +22,17 @@ This page is intended to explain the difference between the two options, so that * users who want complete ownership of their data encryption keys * users who have more advanced/specialized encryption use-cases -## More Details +## Storj Managed Encryption -### Storj Managed Encryption +* Encrypts data using a passphrase stored (encrypted) in the satellite's database. +* Users are not prompted for passphrases in the browser. +* Applies to entire projects, allowing seamless access for all project members. +* No path encryption; files listed in lexicographical order. -Storj Managed Encryption means that object data is encrypted using a passphrase stored in the satellite's database. The passphrase itself is encrypted before being stored in the database, by a secret key managed by Storj. +## User Managed Encryption -Because the Storj-managed encryption passphrase can be retrieved by the satellite without the user needing to provide anything, the user never needs to be prompted for an encryption passphrase in the web browser. +* Encrypts data using a user-provided passphrase, not stored in the satellite's database. +* Users must remember and share the passphrase; prompts appear in the browser for certain actions. +* Path encryption is enabled by default; extra steps needed to list files lexicographically. +* Allows multiple passphrases within a project/bucket, though not recommended. -Because the Storj-managed encryption passphrase applies to an entire project, project members can all view and access the same files without first needing to exchange a shared encryption passphrase. - -Projects with Storj Managed Encryption do not have path encryption enabled. This means that files can be listed in lexicographical order by default. - -### User Managed Encryption - -User Managed Encryption means that object data is encrypted using a passphrase provided by the user, which is never stored in the satellite's database. 
The user is responsible for saving/remembering the passphrase, as well as sharing it with any project members who need to access files. - -Because the user manages their own passphrase, when performing certain actions, such as creating an access, listing files, uploading files, etc..., the user will receive additional prompts in the web browser when a passphrase is necessary. This encryption passphrase is never sent to the server, and stays completely client-side. This favors user control of data at the expense of user experience. - -Projects with User Managed Encryption have path encryption enabled by default. Additional steps are necessary to disable path encryption so that it is possible for files to be listed in lexicographical order. - -Although it is not recommended in most situations, User Managed Encryption allows the user to do things like use different encryption passphrases within the same project or bucket. \ No newline at end of file
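Review bot: The replacement heading in the first hunk, `+## Overivew`, keeps the misspelling from the line it removes (`-## Brief Overivew`). Since this line is being touched anyway, it should read `## Overview`.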
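Review bot: The new User Managed Encryption bullets in the second hunk drop the removed sentence "This encryption passphrase is never sent to the server, and stays completely client-side" and keep only "not stored in the satellite's database". That is a weaker statement, because a passphrase that is not stored could still be transmitted. Suggest restoring the client-side guarantee in the first bullet, for example "Encrypts data using a user-provided passphrase that stays client-side and is never sent to the server or stored in the satellite's database." The same loss happens in the Storj Managed bullet "stored (encrypted) in the satellite's database", which no longer says the passphrase is encrypted by a secret key managed by Storj. That detail tells the reader who is able to decrypt it, so it is worth keeping. The trade-off sentence "This favors user control of data at the expense of user experience" is also gone, and the file still ends without a trailing newline.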