Blackbox report finding 2.4: When a new member is added to a keyring, they receive the current group key which can decrypt all documents in the current rotation — including those uploaded before they joined.

Fix: rotate the group key on add_member (lazy forward secrecy). The new member gets the new GK and can only decrypt documents uploaded after their addition. Pre-addition documents remain wrapped under the old GK, which only existing members have in key_history.

Implementation: in add_member.rs, after wrapping GK to the new member, generate a new GK, archive the old rotation into key_history, re-wrap new GK to all members (including the new one). This is the same rotation flow as remove_member but triggered on add.
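The rotate-on-add flow described above, modelled as an added example (not the project's add_member.rs) so the access invariant can be checked per member and per rotation. It uses no real cryptography: a wrap is a map entry, GroupKey is a counter, the names Keyring, fresh_rotation and unwrap_for are hypothetical, and it assumes the archived rotation carries no wrap for the new member.

```rust
use std::collections::HashMap;

// Model only, no real cryptography: a "wrap" records which member holds
// which key; real code would encrypt the GK to the member's public key.
type Member = &'static str;
type GroupKey = u64; // stand-in for key material
type Rotation = HashMap<Member, GroupKey>; // member -> wrapped GK

#[derive(Default)]
struct Keyring {
    current: Rotation,
    key_history: Vec<Rotation>, // archived rotations, oldest first
    counter: GroupKey,          // stand-in for a CSPRNG
}

impl Keyring {
    fn new(members: &[Member]) -> Self {
        let mut kr = Keyring::default();
        kr.current = kr.fresh_rotation(members);
        kr
    }
    // Generate a new GK and wrap it to every listed member.
    fn fresh_rotation(&mut self, members: &[Member]) -> Rotation {
        self.counter += 1;
        members.iter().map(|m| (*m, self.counter)).collect()
    }
    // Rotate on add; the archived rotation holds no wrap for `new`.
    fn add_member(&mut self, new: Member) {
        let mut members: Vec<Member> = self.current.keys().copied().collect();
        members.push(new);
        let next = self.fresh_rotation(&members);
        let old = std::mem::replace(&mut self.current, next);
        self.key_history.push(old);
    }
    // GK a member can recover for a document uploaded under `rotation`
    // (index into key_history; key_history.len() is the current rotation).
    fn unwrap_for(&self, member: Member, rotation: usize) -> Option<GroupKey> {
        let mut all = self.key_history.iter().chain(std::iter::once(&self.current));
        all.nth(rotation)?.get(member).copied()
    }
}

fn main() {
    let mut kr = Keyring::new(&["alice", "bob"]); // constructed sample members
    kr.add_member("carol");
    println!("carol, pre-add doc:  {:?}", kr.unwrap_for("carol", 0));
    println!("carol, post-add doc: {:?}", kr.unwrap_for("carol", 1));
}
```

A regression test for finding 2.4 can assert the same property against the real keyring: the new member's lookup for any pre-addition rotation must fail.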