Each Redstor backup account has its own encryption key, which is used to encrypt that account’s data during the backup process. If this encryption key is lost (e.g. if the machine hosting that account's backup client dies and the user cannot remember the encryption key), there is no way to access the backed-up data (not even for Redstor employees). In managed environments, a group administrator may wish to avoid this scenario by protecting the encryption keys so that they can be recovered if necessary. This is where group certificates come in.
A Redstor group certificate contains a pair of keys: one that can be shared publicly, and one that remains private. Any information (such as encryption keys) that is encrypted with the public key can only be decrypted with the private key.
The group certificate key pair is generated from the group administrator's Management Console. The private key is then stored within that administrator's Console, protected by a passphrase selected by the administrator themselves. The public key, in turn, is sent to Redstor as part of a group certificate request. Since access to encryption keys also allows access to the backed-up data, we first verify that the requesting administrator has been appropriately authorised by their organisation before signing the certificate. Encryption keys are only captured if a valid, signed certificate is present. The administrator then uploads the signed certificate to the Storage Platform.
From that point on, whenever a backup client provides an encryption key in order to perform a backup, that key is encrypted using the public key from the group certificate and stored in the relevant AccountServer database. The encrypted value can only be decrypted with the private key of that group certificate, which is stored securely in the group administrator's Console.
In short: the only way to get to a backup client's encryption key (and therefore its backed-up data) is to have access to the private key stored in the group administrator's Console and to the passphrase created by the group administrator. No-one but the group administrator who requested the group certificate can therefore access the encryption keys of a group's backup accounts.