On this page, you’ll learn:

  • PKCS

  • Version-Control

  • How PKCS works

StoryServer PKCS and Version-Control Repository

User is cautioned to backup Server-keys, Machine-level keys, keep the 2FA Authenticator or 2FA key in safe place.
User is cautioned to maintain the phone number subscription used for 2FA, as expiry may mean it would be allocated to another party, and the party may use it to intercept 2FA requests.
If encryption is enabled, only local search is enabled.

A PKCS is a Public Key CryptoSystem

  1. When you create a new shared file, you create an initial root-certificate "RC".

  2. From the root certificate, you create your intermediate certificate "IC". This will sign all StoryServers organizations at your site.

  3. From the intermediate certificate you create your end-user accounts "EUA", which contains 4 certificate chains for each user-

    • Public, external Chain - to share files with other organizations. This allows restriction of files to specified, outside the IC.

    • Public, Internal Chain - certificates to unlock files within all users of the Intermediate certificates. This allows restriction of files to specified users which uses your IC. * Private Chain - to access Private files Only.

    • Secret Chain - no ability to export, machine level secrt-keys, 2FA required to open file.

  4. The server creates Traveling Certificates "TC" to exported files.

  5. StoryServer contains a certificate list of external users.

  6. The external certificate and TC are used to encrypt files to send to that user. Only that user can decrypt that file-fragment. The TC certificate is kept as an insurance. Once the TC is revoked, the user cannot access the encrypted data.

  7. Any data marked as "Private" or "Secret" cannot be exported nor emailed.

  8. Since they are private to that user, it requires the user to manually convert items, folders from 'Private' to 'Public, Internal Chain'.

  9. Anytime an ecrypted StoryServer file is opened, a SSL-session is created with the StoryServer. StorySever calls home to the PKCS to validate revoked certificates and users.


A StoryServer file is broken down into fragments containing folders, items and images. Each file are stored separately in a zero-knowledge environment, in your own server environment.