It should be possible for a user to reset their password and rotate their encryption keys. They might do this to lock out a device that has become compromised.
The process requires the old and new passwords. Given those, each document in the encrypted copy is re-encrypted using the new password and key. The executor of this rotation sets a rotating property on the _local/comdb document, and then unsets it once the rotation completes. The database will be in an intermediate state during this period; applications that encounter "Could not decrypt!" errors at this time should prompt the user for the new password and then wait for the _local/comdb) document to lose the rotating property.
It should be possible for a user to reset their password and rotate their encryption keys. They might do this to lock out a device that has become compromised.
The process requires the old and new passwords. Given those, each document in the encrypted copy is re-encrypted using the new password and key. The executor of this rotation sets a
rotating
property on the_local/comdb
document, and then unsets it once the rotation completes. The database will be in an intermediate state during this period; applications that encounter "Could not decrypt!" errors at this time should prompt the user for the new password and then wait for the_local/comdb
) document to lose therotating
property.