What kind of encryption does passbolt use?
Passbolt servers never have access to your passwords in clear text. Passwords are encrypted on the client side by a browser extension. The browser extension uses OpenPGP, a standard that provides a combination of strong public-key and symmetric cryptography. The secret key used to decrypt your passwords is itself encrypted with a passphrase (also known as your master password). On the client side, passbolt uses OpenPGP.js as the foundation for all its cryptographic functionality.
On the server side, passbolt uses both the GnuPG PHP extension and openpgp-php to perform public-key validation and to support the GPGAuth authentication protocol. By default, the solution uses SSL to encrypt all communication between the server and the browser.