Each Redstor backup account has its own encryption key, which is used to encrypt that account's data during the backup process. If this encryption key is lost (e.g. if the machine hosting that account's backup client dies and the user cannot remember the encryption key), there is no way to access the backed-up data (not even for Redstor employees). In managed environments, a group administrator may wish to avoid this scenario by protecting the encryption keys so that they can be recovered if necessary. This is where group certificates come in.
A Redstor group certificate contains a pair of keys: one that can be shared publicly, and one that should remain private. Any information (such as encryption keys) that is encrypted with the public key can only be decrypted with the private key.
A group certificate key pair can be generated from the group administrator's Management Console. The administrator also selects a passphrase to protect the private key, and the passphrase is stored within their Console. The public key, in turn, is sent to Redstor as part of a group certificate request. Since access to encryption keys also allows access to the backed-up data, we first verify that the requesting administrator has been appropriately authorised by their organisation before countersigning the certificate. The administrator then uploads the signed certificate to their Console.
From then on, whenever an encryption key is provided by a backup client in order to perform a backup, that key is encrypted using the public key from the group certificate and stored in the relevant AccountServer database. The key's encrypted value can only be decrypted by the private key of that group certificate, which (like the group certificate passphrase) is securely stored within the group administrator's Console. As long as the administrator ensures that no-one else has access to the private key, no-one (including Redstor) can access either the encryption keys or the backed-up data of the group's accounts.