To get read access to a private tree/filesystem you need a read (AES) key.
The current flow for this goes as follows:
On filesystem creation:
- Filesystem creation happens simultaneously with account creation, thus both take place in the lobby.
- A read key is generated and stored in the local indexedDB.
- Using that same key we create the new private filesystem instance.
On device linking:
- In the lobby we take the locally stored read key and pass it securely to the other device.
- Other device stores it in the same way.
On app linking/authorisation:
- We get the read key from storage.
- Load the filesystem with it.
- When the filesystem is loaded we get the other read keys we need for the specific folders we grant the app access to.