Every LastPass user generates a public/private key pair once (client side). The public key is sent to the server, the private key is encrypted (with their standard local encryption key) and sent to the server. Roles and shared folders are implemented differently, but they both follow the same general model -- When you want to share data with someone else, you pull their public key and use that to encrypt the data. The other person is the only one that can decrypt it (using their private key). All this ensures that users can securely access the information stored in Shared Folders.
Have more questions? Submit a request