Private key protection
The security of Cypherdog customer’s data is based on the confidentiality of their private keys. Each user's private key is generated only by client applications using the RSA algorithm and is additionally encrypted with the client’s password. The most important principle implemented by all system components is a principle of the absolute protection of the private key. This key or any part of it never leaves the user's device. This is the only and best way to ensure data confidentiality in the system.

Confidentiality and integrity
This solution has many advantages such as undeniable confidentiality and integrity of stored and transmitted information. However there is one quite significant limitation; if the user loses their private key they will not be able to recover their data. The master system does not offer any private key recovery function. To protect data against loss, the user should for that reason use a client application to make a copy of his private key to a portable disk or print its representation in the form of a QR code and keep a copy of the key in a safe place. Options for making a copy of the key are available in the desktop application and can be performed after registration in the system. All cryptographic data generated during the information lifecycle is derived from the private key owned by the user. Therefore, the strength of the private key is uncompromised to avoid computational attacks aimed at its reproduction.

Security in the era of quantum computers
Security in the era of quantum computers According to NIST (National Institute of Standards and Technology), if there is no radical breakthrough in technology (e.g. the introduction of quantum computers), 2048-bit asymmetric keys should be secure by 2030. To safeguard the confidentiality of Cypherdog user’s data in an improved way, client applications use keys with a length of 3072 bits, which ensures data confidentiality for a secure long period after 2030.


Private key generation

Algorithm: RSA
Parameters: asymmetric key length 3072 bits, key encrypted with AES256 output
Function parameters: Initialization vector 16 bytes, Cipher: AES / CBC / PKCS5Padding

The key on the customer's carrier always remains in encrypted form.

File encryption

Algorithm: SHA256 + RSA
Parameters: symmetric key length: 256 bits, symmetric key encrypted with RSA algorithm

RSA algorithm parameters: Cipher: RSA / ECB / PKCS1Padding

The file after the encryption operation can be read only by the designated recipient.

Encrypt address book

SHA256 + AES256 + RSA
Parameters: Symmetric key length: 256 bits

Storing files in the cloud

Algorithm: SHA256 + RSA