What does "have sharing keys in all of their vaults" mean in the wiki page of "Sharing" #828

Open
kind03 opened this issue Jan 6, 2025 · 1 comment

kind03 commented Jan 6, 2025

I do not quite understand the help / wiki document of the sharing function: https://github.com/nextcloud/passman/wiki/Sharing

What does "this user must have created at least 1 vault and have sharing keys in all of their vaults" mean? Especially "have sharing keys in all of their vaults". If a user hasn't shared any keys, he cannot be shared with a key?

Collaborator

binsky08 commented Jan 6, 2025

That's just technical information. As you can also read on that wiki page: "this keys are created by default". On vault creation, at least when using one of the "official" Passman clients, these sharing keys (RSA private/public key pair) are automatically created.

More precisely, a random (symmetric) “shared_key” is created for a shared credential, which is now used instead of the vault password for encrypting/decrypting the credential. This credential “shared_key” is encrypted with the private shared key of the credential owner's vault.
credential.acl.shared_key is the shared key of the user with whom the share was made and this is encrypted with the vault key of the vault with which the share was accepted.
This ensures that client-side encryption/decryption with the respective vault key is ultimately always necessary.

We should create a more understandable graphic for that. Sometime.

In short: The sharing keys are used to re-encrypt the shared credential.

So as a user, you do not necessarily need to pay attention to this.

Hope that helps :)
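
Added example, not part of the thread and not Passman's code: a Node.js sketch of the key flow described in the reply above, where a credential is encrypted under a random shared_key and the recipient re-encrypts that key under their own vault key when accepting the share. Assumptions: AES-256-GCM, scrypt, RSA-OAEP wrapping with the recipient's public sharing key, and all function names; how the owner stores their own copy of shared_key is left out.

```javascript
const crypto = require('node:crypto');

// AES-256-GCM helpers; blob layout is iv(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function unseal(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Vault creation: derive the vault key and generate the RSA sharing key pair.
// The private half is only ever stored sealed under the vault key.
function createVault(password) {
  const salt = crypto.randomBytes(16);
  const key = crypto.scryptSync(password, salt, 32);
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  return { salt, publicKey, sealedPrivateKey: seal(key, privateKey) };
}

// Owner side: encrypt the credential under a fresh shared_key and wrap
// that key for the recipient (wrapping scheme is an assumption).
function share(credentialJson, recipientPublicKey) {
  const sharedKey = crypto.randomBytes(32);
  const wrappedKey = crypto.publicEncrypt(
    { key: recipientPublicKey, oaepHash: 'sha256' }, sharedKey);
  return { credential: seal(sharedKey, credentialJson), wrappedKey };
}

// Recipient side: unwrap with the sharing private key, then re-encrypt
// shared_key under the vault key of the accepting vault.
function accept(offer, vault, password) {
  const key = crypto.scryptSync(password, vault.salt, 32);
  const privateKey = unseal(key, vault.sealedPrivateKey).toString();
  const sharedKey = crypto.privateDecrypt(
    { key: privateKey, oaepHash: 'sha256' }, offer.wrappedKey);
  return { credential: offer.credential, acl: { shared_key: seal(key, sharedKey) } };
}

// Later reads need only the vault password: vault key -> shared_key -> credential.
function read(entry, vault, password) {
  const key = crypto.scryptSync(password, vault.salt, 32);
  return unseal(unseal(key, entry.acl.shared_key), entry.credential).toString();
}
```

A vault without a sharing key pair has no public key to wrap for and no private key to unwrap with, which is why the wiki lists the keys as a precondition for receiving a share.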
