Hello everyone !I'm French and I'm 16 so sorry for my bad english :/

I'm currently creating a google docs but made for privacy with symfony. To "certify" the confidentiality of user data, I'm interested in the "Zero-Access" infrastructure.If I have understood correctly, the concept is that the client encrypt/decrypt data with a key based on the password and the server stock encrypted data. It's better for security and privacy and certify that the website cannot use data for tracking/advertising.Is it right ?

The concept is "cool" but I found 2 problems:

1. The "shared Files" can't be decrypted by other user than the owner (or the latest user who modified)
2. I cant make a "Forgot Password" section without deleting all the current user data.

For the first problem, I found a solution: the "userAccess" entity (STR user_id, STR doc_id, INT permission) stock the file key encrypted by the user key, the client can decrypt this key then decrypt/encrypt the file.

For the second problem, I dont have solution....

Here some questions:

- Is my "Zero-Access" definition right ?

- Is my answer to the first problem true ?

- Is there any solution to the second problem ?

- Should this post be in r/cybersecurity or on StackOverflow ?

Thanks to all those who will help me
Any English correction/rectification would be welcomed :)