Each user of the system is represented by an Upspin user name, which looks like
an email address; a public/private key pair; and the network address of a
That directory server holds a hierarchical tree of names pointing to the user’s
data, which is held in a store server, possibly encrypted.
Each item in the tree is represented by a directory entry containing a list of
references that point to data in the store server:
All the users are connected through a central key server at
which holds the public key and directory server address for each user.
This is how the pieces fit together:
From top to bottom, these represent:
- Shared directory and store servers used by multiple users.
- A single-user system with a combined directory and store server.
- A camera served by a special-purpose combined directory and store server.
To illustrate the relationship between these components, here is the sequence
of requests a client exchanges with the servers to read the file
- The client asks the key server for the record describing the owner of the
file, which is the user name at the beginning of the file name (
The key server’s response contains the name of the directory server holding
that user’s tree (
dir.upspin.io) and Augie’s public key.
- The client asks the directory server for the directory entry describing the
file. The response contains a list of block references, which include the
name of the store server (
- The client can then ask the store server for each of the blocks, pipelining
the requests for efficiency.
- The client decrypts the blocks (using Augie’s public key) and concatenates
them to assemble the file.