SafeBox uses standard cryptography to encrypt both metadata (keys, file names, etc.) and data. It relies solely on two key technologies:

  • AES: a specification for the encryption of electronic data established by the U.S
  • RSA: the Rivest-Shamir-Adleman cryptosystem, a cryptosystem for public-key encryption


Whether you select Dropbox, Google Drive or local storage, the same encryption and decryption process is applied to your metadata and data.


Key concepts

  • Passphrase: The passphrase is the first thing you provide to SafeBox. It is used to encrypt and decrypt metadata and data. The more sophisticated the passphrase is, the stronger the security. Because the passphrase is the crucial element for accessing your data, it is NOT persisted anywhere. Remember it or you lose your data!
  • AES keys: used to encrypt and decrypt file names and data.
  • RSA private key: decrypts the encrypted AES keys.
  • RSA public key: encrypts the AES keys.
  • Salt: random data that is used as an additional input to a one-way function that hashes a password or passphrase.


Remember your passphrase or you will lose your data! Do not ask us for your passphrase!


How SafeBox generates keys

Keys are generated randomly the first time you select a storage:

  • Generate a random 24-byte salt

  • Generate an AES key with a 256-bit key length

  • Generate an RSA key with a 1024-bit key length

  • Hash the passphrase using PBKDF2 with HMACSHA512, 4096 iterations and the generated 24-byte salt.

How SafeBox encrypts and decrypts keys

Encryption

  1. Encrypt the AES key with the public RSA key
  2. Encrypt the private RSA key with the user’s passphrase and the random 24-byte salt using PBKDF2

Decryption

  1. Decrypt the encrypted private RSA key with the user’s passphrase
  2. Decrypt the encrypted AES key using the private RSA key

Used Algorithms

  1. AES with a key length of 256 bits, ECB (Electronic Codebook) and PKCS7 padding.
  2. RSA with a key length of 1024 bits, ECB (Electronic Codebook) and PKCS1 padding.
  3. PBKDF2 with HMACSHA512, 8192 iterations and the random 24-byte salt.
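
The key generation and key unlock steps above, as an added example in Ruby (not SafeBox's own code). The function names are hypothetical, and the example assumes the private key is serialized as DER and wrapped with AES-256-ECB under the PBKDF2 output; it uses the 4096 iteration count from the key generation list.

```ruby
require "openssl"

# Parameters from the page: 24-byte salt, PBKDF2-HMAC-SHA512, AES-256, RSA-1024.
# The page lists both 4096 and 8192 iterations; 4096 is used here.
ITERATIONS = 4096

# AES-256 in ECB mode with PKCS7 padding (the mode the page lists).
def aes_ecb(mode, key, data)
  cipher = OpenSSL::Cipher.new("aes-256-ecb")
  mode == :encrypt ? cipher.encrypt : cipher.decrypt
  cipher.key = key
  cipher.update(data) + cipher.final
end

# Stretch the passphrase into a 32-byte key-encryption key (KEK).
def derive_kek(passphrase, salt)
  OpenSSL::KDF.pbkdf2_hmac(passphrase, salt: salt, iterations: ITERATIONS,
                           length: 32, hash: "sha512")
end

# First use of a storage: generate the keys and return only what gets stored.
# Assumption: the private key (DER) is wrapped with AES under the PBKDF2 output.
def create_key_store(passphrase)
  salt    = OpenSSL::Random.random_bytes(24)
  aes_key = OpenSSL::Random.random_bytes(32)
  rsa     = OpenSSL::PKey::RSA.new(1024)
  { salt: salt,
    wrapped_aes_key: rsa.public_encrypt(aes_key), # PKCS1 padding is the default
    wrapped_private_key: aes_ecb(:encrypt, derive_kek(passphrase, salt), rsa.to_der) }
end

# Unlock: passphrase -> KEK -> RSA private key -> AES key.
# Returns nil when the passphrase does not unwrap a usable private key.
def unlock_aes_key(store, passphrase)
  der = aes_ecb(:decrypt, derive_kek(passphrase, store[:salt]), store[:wrapped_private_key])
  OpenSSL::PKey::RSA.new(der).private_decrypt(store[:wrapped_aes_key])
rescue OpenSSL::OpenSSLError
  nil
end

# Constructed sample values, for illustration only.
store   = create_key_store("correct horse battery staple")
aes_key = unlock_aes_key(store, "correct horse battery staple")
name_ct = aes_ecb(:encrypt, aes_key, "report-2024.pdf")
puts aes_ecb(:decrypt, aes_key, name_ct)
puts unlock_aes_key(store, "wrong passphrase").inspect
```

Nothing in the stored structure contains the passphrase or the AES key in the clear, which is why a forgotten passphrase cannot be recovered.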

How SafeBox encrypts and decrypts data

Encryption

  1. Decrypt the keys with the user’s passphrase
  2. Encrypt the file/folder name with the AES key
  3. Encrypt the file's content using the AES key

Decryption

  1. Decrypt the keys with the user’s passphrase
  2. Decrypt the file/folder name with the AES key
  3. Decrypt the encrypted data using the AES key

Used Algorithms

  1. AES with a key length of 256 bits, ECB (Electronic Codebook) and PKCS7 padding.
  2. RSA with a key length of 1024 bits, ECB (Electronic Codebook) and PKCS1 padding.