Hacker News new | comments | show | ask | jobs | submit login

There are two modes presented in the paper: single-user and multi-user. In single user, the proxy has a master key in which it derives all other necessary encryption keys from. In multi-user mode, keys are generated from a user's password and the database schema is annotated to identify who's keys can decrypt which data.

So for your proposed example, you would likely run in single user mode and it would work just fine.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact