Move some encryption operations to server side?


We are experiencing performance issue using the GUI to add a user to a group that has large amount of shared logins (>10k logins and >100 users).

If I understood it correctly, at least from the API point of view (I assume same as GUI) that when I add a user to the group, the client has to run the encryption of all passwords with all users in the group before sending the data to the server. The encryption is CPU intensive and having single thread/process(JS) is a bottleneck? Are web workers are being used for concurrency on browser?

If the server has all the public keys of all users, can this kind of public key encryption operations be moved to the server side to use concurrent processing to speed things up? Plus we can beef up the server spec to help on performance issue.


I realised that doing it on server side would result in temporarily exposing the secret to the server which could be against the Passbolt design.


Even the sensitive info is temporarily exposed, it’s no worse than most of the websites that save user passwords in hashes (hash+salt). The passwords are still temporarily exposed to the servers. I guess as long as it makes sure no where else keeps it then it’s not too bad?

The advantage of processing a huge request on server side is that it can block other incoming requests potentially change the state.

Hi James,

exactly that’s the point.
If that doesn’t fit your needs maybe passbolt ist the wrong product for u to manage such a huge amount of passwords to such a huge amount of users.

Changing a single password should not be the problem. To move a folder with hundreds of passwords and permission to tens of users could be a pain.

Using a more fine granulated rights management is not an issue for You?

For our point of view it’s the BIG BIG BIG feature of passbolt to have a shared (and secured) web database as well as local encryption.