We are excited to share that we are set to begin a new chapter with Dropbox, Inc. Dropbox is acquiring our IP technology to embed natively into the Dropbox product, bringing end-to-end, zero-knowledge encryption to millions of business customers around the world. Check out our blog to find out more!

Hero Default Background

AES and RSA Encryption

This is How Encryption with Boxcryptor Works

We encrypt files and thus provide increased protection against espionage and data theft. For encryption, we use a combination of AES-256 encryption and RSA encryption. Here we explain the two algorithms.

AES-256 Encryption

Advanced Encryption Standard (AES) is one of the most frequently used and most secure encryption algorithms available today. It is publicly accessible, and it is the cipher which the NSA uses for securing documents with the classification "top secret". Its story of success started in 1997, when NIST (National Institute of Standards and Technology) started officially looking for a successor to the aging encryption standard DES. An algorithm named "Rijndael", developed by the Belgian cryptographers Daemen and Rijmen, excelled in security as well as in performance and flexibility.

It came out on top of several competitors and was officially announced the new encryption standard AES in 2001. The algorithm is based on several substitutions, permutations and linear transformations, each executed on data blocks of 16 byte – therefore the term blockcipher. Those operations are repeated several times, called “rounds”. During each round, a unique roundkey is calculated out of the encryption key, and incorporated in the calculations. Based on the block structure of AES, the change of a single bit, either in the key, or in the plaintext block, results in a completely different ciphertext block – a clear advantage over traditional stream ciphers. The difference between AES-128, AES-192 and AES-256 finally is the length of the key: 128, 192 or 256 bit – all drastic improvements compared to the 56 bit key of DES. By way of illustration: Cracking a 128 bit AES key with a state-of-the-art supercomputer would take longer than the presumed age of the universe. And Boxcryptor even uses 256 bit keys. As of today, no practicable attack against AES exists. Therefore, AES remains the preferred encryption standard for governments, banks and high security systems around the world.

RSA Encryption

RSA is one of the most successful, asymmetric encryption systems today. Originally discovered in 1973 by the British intelligence agency GCHQ, it received the classification “top secret”. We have to thank the cryptologists Rivest, Shamir and Adleman for its civil rediscovery in 1977. They stumbled across it during an attempt to solve another cryptographic problem.

As opposed to traditional, symmetric encryption systems, RSA works with two different keys: A public and a private one. Both work complementary to each other, which means that a message encrypted with one of them can only be decrypted by its counterpart. Since the private key cannot be calculated from the public key, the latter is generally available to the public.

Those properties enable asymmetric cryptosystems to be used in a wide array of functions, such as digital signatures. In the process of signing a document, a fingerprint encrypted with RSA, is attached to the file, and enables the receiver to verify both the sender and the integrity of the document. The security of RSA itself is mainly based on the mathematical problem of integer factorization. A message that is about to be encrypted is treated as one large number. When encrypting the message, it is raised to the power of the key, and divided with the remainder by a fixed product of two primes. By repeating the process with the other key, the plaintext can be retrieved again. The best currently known method to break the encryption requires factorizing the product used in the division. Currently, it is not possible to calculate these factors for numbers greater than 768 bits. That is why modern cryptosystems use a minimum key length of 3072 bits.

How Boxcryptor Encrypts and Decrypts Files

Boxcryptor implements a combined encryption process based on asymmetric RSA and symmetric AES encryption. Every file has its own unique random file key which is generated when the file is being created.