🚧 This is beta documentation for Codebook version 5.3.0, which has not yet been publicly released.
Securely Share passwords and other data over Codebook Cloud.
Codebook Secure Sharing allows users in the same account, and users in separate accounts, to share entry records with each other, after establishing trusted contacts. The process of setting up trusted contacts allows us to establish secure public key exchange between Codebook Cloud users.
Every Codebook Cloud user has a randomly generated ML-KEM and ML-DSA key-pair. The private key for each pair is stored in the locally encrypted Codebook database, and synced to your other devices securely via Codebook Cloud encrypted by your Sync Key just like your other passwords and credentials. The public key for each pair is stored in Codebook Cloud and made available to your contacts.
When you share an entry with another Codebook Cloud user, it is first packaged up into a changeset database, encrypted with a one-time, random key, which is itself encapsulated and protected using the recipient's ML-KEM public key. Then the payload is signed using the sender's ML-DSA private key.
Upon receipt, the signature provided is verified via the sender's ML-DSA public key, and then the random secret key is de-encapsulated using the recipient's ML-KEM private key, and that secret is then used to decrypt the changeset database payload.
Finally, the changeset database is used to import the entry and all its fields and attachments into the locally encrypted Codebook database. From there, Codebook Cloud will securely sync the entry to your other devices, this time encrypted with your Sync Key.