We launched our new service for sending files with end-to-end-encryption right from your browser.
If you want to learn more about how Boxcryptor works, you are in the right place here. Read on for deeper information about certain technical aspects of Boxcryptor.
Encryption Keys Used in Boxcryptor and Their Functions
Every user, group and company has the same set of keys, which are an RSA key pair (private and public) and additional AES keys for specific purposes. Company keys are optional and are only set when the Master Key policy is used.
User keys, group keys and company keys
Boxcryptor uses additional AES keys. Generally, keys are never re-used for multiple purposes. Currently, the following additional AES keys are used in Boxcryptor. If required by new features, this list might grow in the future.
Additional AES keys
Boxcryptor Server – What User Data we Store
All data that we store on our servers is secured and protected. In order to provide a seamless user experience over a number of different devices and with core features such as file access sharing, Boxcryptor needs to store some data on the Boxcryptor server.
General user data that we store
Keys and additional values
Data we store when you are part of a group
Data we store if you are part of a Company Package
Data Privacy – How we Protect the Data on our Servers
Due to Boxcryptor's zero-knowledge nature, all sensitive information that reaches the Boxcryptor server is already encrypted (for example private RSA keys) or otherwise non-retrievable (for example the password hash. In order to further increase security, all sensitive data and personal information is encrypted additionally, before persisted to the database.
The database encryption key is only available to the application during runtime. In case of a database breach, an attacker would only be able to get access to encrypted data.
Of the data that we store, your email address, your private RSA key and your password are the most sensitive values. This is how we protect them.
Private RSA key
Data Privacy+ with Zero Knowledge – Full Control Over Your Data
Boxcryptor is a zero knowledge provider. Any private and sensitive information will always be in encrypted form, protected by the user’s password – which we do not know and have no way of finding out. Only public keys are in plain text.
Passwords, password keys and file keys never leave the users’ devices and are never transferred anywhere or to anyone. User keys, group keys, and company keys are stored on the Boxcryptor server, but in encrypted form. All encryption operations take place on your device – never on our servers.
The starting point for every decryption process is the user’s password key as this one is required to unlock the private key and the wrapping key, which again are required to unlock all other keys in the system (AES keys, file keys, membership keys, group keys, etc.). The password key, however, never leaves the user's device. Even though the Boxcryptor server stores keys for all users, Boxcryptor is a zero knowledge provider, because the sensitive keys are already received in encrypted form.
The only types of keys stored in plaintext on the Boxcryptor server are public keys, which do not contain any sensitive information and, as these are public, do not need to be kept confidential.
Password Security – How we Protect Your Password
A user’s password never leaves his or her device and Boxcryptor never submits the password anywhere. The password is used for two purposes: User authentication and decryption of the user’s private key. In both cases, Boxcryptor does not use the password itself, but derivatives called the password key and password hash.
In conclusion, your password is hashed and sent to us in this hashed form, when you want to authenticate yourself during sign in to Boxcryptor. Before the hash value is stored to our database, we hash it again, so that potential attackers have an even harder time to figure out your password.
How we Manage Users, Groups and Companies
A user is someone who creates a Boxcryptor account and is identifiable by his/her email address and his/her user keys. The user keys are generated on the user’s device during the account set-up and creation. Before the keys are submitted to the Boxcryptor server, the sensitive information is encrypted so that only the user has access to it.
The private RSA key is encrypted with the user’s password key so that knowledge of the password is required to decrypt the private RSA key. The wrapping key is encrypted with the user’s password key so that only someone who knows the password can decrypt the wrapping key. All other AES keys are encrypted with the wrapping key so that access to the wrapping key is required to decrypt any other AES key.
How the User is Authenticated
When a user creates a Boxcryptor account, Boxcryptor derives the password hash from the user’s password. This password hash is used for all subsequent authentication operations. Only a hash of the password hash is stored on the Boxcryptor server - the password hash itself is never stored. See below, how it works in detail.
A user creates a Boxcryptor account
A user logs in and authenticates himself
Note: This process is only required to authenticate the user against the Boxcryptor server - not to get access to the encrypted files. Access to the encrypted files always relies on the correct decryption of the user’s private key which requires the knowledge of the correct password. Even if an attacker would be able to fake authentication – for example by hacking the Boxcryptor server – he would not be able to decrypt a single file without knowing the correct password, which is only known by the user himself.
How Boxcryptor Encrypts and Decrypts Files
Boxcryptor implements a combined encryption process based on asymmetric RSA and symmetric AES encryption. Every file has its own unique random file key which is generated when the file is being created. The file key is used to encrypt and decrypt the contents of the file as can be seen below in more detail.
How File Access Sharing Works
Which processes does Boxcryptor perform, when you allow a colleague to access a file or folder? What happenes, when you share access with a group where your colleague is a member? Imagine your name is Alice and your colleague is called Bob.
Sharing file access with one person
Sharing file access with a group
Resetting Passwords in the Company Package – This is How the Master Key Works
Due to Boxcryptor’s zero-knowledge nature, if you forget or lose your password, you lose access to your files. Without the password, it is not possible to decrypt a user’s private key and thus it is not possible to decrypt any files. However, if a company has enabled the Master Key feature, the company can make use of the password reset feature. The Master Key feature gives the administrator of a company the power to decrypt private keys of all users which belong to the specific company. This also gives the company the possibility to set a new user password by simply re-encrypting the user’s private key with a new password.
Boxcryptor offers a special company account with additional features especially designed for businesses and organizations, for example password reset, policy management, and a Master Key. The Master Key feature gives companies the power to decrypt every file which is accessible by the users of the specific company - without having to know their passwords. With the Master Key, companies can ensure that the company does not lose access to its property (files) even in difficult situations, such as when a user forgets his or her password or leaves the company. In the following examples, the Master Key feature is activated and Alice is part of the company.
Alice creates or changes her password
The company needs access to Alice’s files
Alice forgot her password and wants to reset her password
Why and When Boxcryptor Requires an Internet Connection
Boxcryptor requires an internet connection to send and receive data to and from the Boxcryptor server. Specifically, the following use cases require an internet connection.
When an internet connection is necessary
Working offline with Boxcryptor
Users that are required to keep physical control over their user information and keys can choose to use Boxcryptor with a local account instead of a Boxcryptor account stored at the Boxcryptor Key Server. When using a local account, all user information and key data is stored in a key file on the local device instead of being transmitted to the Boxcryptor Key Server. Local accounts can be converted to Boxcryptor accounts (and vice versa) at any time.
Sharing access to files and folders is not available when using a local account because it requires Boxcryptor accounts and access to the Key Server. Additionally, it is the user’s responsibility to take care of the key file - copying it to other devices, creating backups, etc. If the key file is lost, access to all encrypted files will be lost! (Tip: As the sensitive information in the key file (e.g. private keys) is encrypted, users can store the key file in their cloud storage.)
Which Cryptographic Libraries are Used in Boxcryptor
In order to perform the actual low level encryption and random number generation, Boxcryptor relies on established and proven third-party libraries. Depending on the platform and purpose, Boxcryptor uses either popular open source libraries or libraries which are part of the underlying operating system. The following libraries are used.
See who is using Boxcryptor
The Boxcryptor Company Package already helps people from a variety of industries to protect their most valuable information. Have a look at our customer stories to find out how our customers successfully use Boxcryptor.