|Add-on:||Security and Encryption for Confluence|
|Question:||Can you further explain the encryption process and encryption keys being used?|
To break this down:
Q. Could you please explain the encryption process?
Q. Where are the PGP encryption keys kept?
Q. Is there a way for server, database or Confluence admins to decrypt the data?
A. Confluence decrypts the stored encrypted secret using its private key and then re-encrypts using the received key (128-bit) from viewer, and then sends it back to the browser. Once the browser received the encrypted content, the same key (128-bit) is used to decrypt the content. Hence it is not possible to decrypt the data from the server or database. Only from the Confluence page and using the right credentials. Note that Confluence admins can still recover access to secrets.