Help Search

What kind of encryption does passbolt use?

Passbolt servers never have access to your passwords in clear text. Passwords are encrypted on the client side using a browser extension. The browser extension uses OpenPGP, a standard which provides a combination of strong public-key and symmetric cryptography. The private secret key used to decrypt your password is itself encrypted using a passphrase (aka your master password). On the client side passbolt uses OpenPGP.js as a foundation for all its cryptographic functionalities.

On the server side passbolt uses both the GnuPG Php Extension and openpgp-php in order to perform public key validation and to support the GPGAuth authentication protocol. By default the solution uses SSL to encrypt all communication between the server and the browser.

Not finding what you are looking for? You can also ask the community on the forum.

Talk to a human