Encryption and Data Security at Svayy
At Iridium Works GmbH, we understand the importance of maintaining the security and privacy
of your data. Svayy uses advanced cryptographic methods to ensure that your data is protected
from unauthorized access, both from external parties and from Svayy itself.
Encryption Techniques
For more detailed informationon this topic please visit our article:
https://wiki.svayy.app/docs/Encryption
- Titles, descriptions, texts
Textual data such as routine titles are encrypted on the client side using AES-GCM, with the key being derived deterministically on the client side from the user's cleartext password.
- Passwords
Your passwords never leave the client, either in the web or the app. In order to log in, the client first hashes his password with sha256 in order to prevent the Svayy server, or anyone with access to it, to decrypt the stored data.In order to safeguard you from losing all your data in the event that you forget your password, we have implemented the recovery kit.
- The Recovery Kit: Your Safety Net
The Svayy server generates a RSA-OAEP (with SHA-512) key pair. The client receives the public key in order to generate a recovery kit text file. The client encrypts his cleartext password using the public key, and is reminded to store that file in a safe place.
Your recovery kit should never be communicated to Svayy, or anyone else for that matter, but without the private key stored on the Svayy server the recovery kit alone cannot be used to perform any malicious action.
At any point in time, a user can request a new recovery kit, which wipes the old public/private key from the Svayy servers and forces the client to download the newly generated kit, rendering the old kit useless, as nobody will ever be able to decrypt it from that point on.
Hashing for Security
Svayy uses SHA-256 to hash passwords on the client side before they are sent to the server.
This measure prevents the possibility of password decryption at the server level.