Security

Private key protection
The security of Cypherdog customers' data is based on the confidentiality of their private keys. Each user's private key is generated only by client applications using the RSA algorithm and is additionally encrypted with the client password. The most important principle implemented by all system components is the principle of absolute protection of the private key - this key or any part of it never leaves the user's device. This is the only and best way to ensure data confidentiality in the system.

Confidentiality and integrity
This solution has many advantages, among others, undeniable confidentiality and integrity of stored and transmitted information, but for one quite significant limitation - the user after losing the private key will not be able to recover his data. The master system does not offer any private key recovery function. To protect data against loss, the user should for that reason use a client application to make a copy of his private key to a portable disk or print its representation in the form of a QR code and keep a copy of the key in a safe place. Options for making a copy of the key are available in the desktop application and can be performed after registration in the system. All cryptographic data generated during the information lifecycle is derived from the private key owned by the user. Therefore, the strength of the private key to computational attacks aimed at its reproduction is of fundamental importance.

Security in the era of quantum computers
According to NIST (National Institute of Standards and Technology), if there is no radical breakthrough in technology (e.g. the introduction of quantum computers), 2048-bit asymmetric keys should be secure by 2030. To safeguard the confidentiality of cypher.dog users' data in an even better way to a large extent, client applications use keys with a length of 3072 bits, which should ensure data confidentiality for a secure long period after 2030.

Cryptography

Private key generation

Algorithm: RSA
Parameters: asymmetric key length 3072 bits, key encrypted with AES256 output
AES256
Function parameters: Initialization vector 16 bytes, Cipher: AES / CBC / PKCS5Padding


The key on the customer's carrier always remains in encrypted form.

File encryption


Algorithm: SHA256 + RSA
Parameters: symmetric key length: 256 bits, symmetric key encrypted with RSA algorithm

RSA algorithm parameters: Cipher: RSA / ECB / PKCS1Padding


The file after the encryption operation can be read only by the designated recipient.

Encrypt address book

Algorithm: SHA256
Parameters: Symmetric key length: 256 bits

Storing files in the cloud


Algorithm: SHA256 + RSA

Download the app