What kind of encryption does passbolt use?
Passbolt servers never have access to your passwords in clear text. Passwords are encrypted on the client side by a browser extension. The browser extension uses OpenPGP, a standard which provides a combination of strong public-key and symmetric cryptography. The private key used to decrypt your passwords is itself encrypted using a passphrase (also known as your master password). On the client side, passbolt uses OpenPGP.js as the foundation for all its cryptographic functionality.
On the server side, passbolt uses both the GnuPG PHP extension and openpgp-php to perform public key validation and to support the GPGAuth authentication protocol. By default, the solution uses SSL to encrypt all communication between the server and the browser.
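The model described above (public-key plus symmetric encryption on the client, with the private key locked by a passphrase) can be sketched as follows. This is an added example, not passbolt's code and not the OpenPGP message format: it assumes Node's built-in `crypto` module, with RSA-OAEP and AES-256-GCM standing in for what OpenPGP does, and all function names are hypothetical.

```javascript
// Added illustration: NOT passbolt code and NOT the OpenPGP message format.
// RSA-OAEP + AES-256-GCM (Node built-in crypto) stand in for OpenPGP's
// combination of public-key and symmetric cryptography. Names are hypothetical.
const nodeCrypto = require('crypto');
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Client: create a key pair. The private key only ever exists at rest in
// passphrase-encrypted form (PEM header "ENCRYPTED PRIVATE KEY").
function generateUserKey(passphrase) {
  return nodeCrypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase },
  });
}

// Client: encrypt a secret for one recipient. A random session key encrypts
// the data (symmetric); the recipient's public key wraps the session key.
function encryptSecret(publicKeyPem, plaintext) {
  const sessionKey = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const wrappedKey = nodeCrypto.publicEncrypt({ key: publicKeyPem, ...OAEP }, sessionKey);
  // Only this object would be sent to a server: it holds no clear text.
  return { wrappedKey, iv, tag: cipher.getAuthTag(), body };
}

// Client: the passphrase unlocks the private key, the private key unwraps
// the session key, and the session key decrypts (and authenticates) the data.
function decryptSecret(encryptedPrivateKeyPem, passphrase, msg) {
  const sessionKey = nodeCrypto.privateDecrypt(
    { key: encryptedPrivateKeyPem, passphrase, ...OAEP }, msg.wrappedKey);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', sessionKey, msg.iv);
  decipher.setAuthTag(msg.tag);
  return Buffer.concat([decipher.update(msg.body), decipher.final()]).toString('utf8');
}

// Returns null instead of throwing when the passphrase or key is wrong.
function tryDecrypt(encryptedPrivateKeyPem, passphrase, msg) {
  try {
    return decryptSecret(encryptedPrivateKeyPem, passphrase, msg);
  } catch (err) {
    return null;
  }
}
```

Without the passphrase, neither the stored private key nor the stored ciphertext is enough to recover the secret, which is why the server side never sees passwords in clear text.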