What data is encrypted in passbolt?
There are three states of data to consider:
- The data in motion (on the wire),
- The data in use (in the memory or file system on the server or client side)
- The data at rest (on the filesystem when the power is off).
For the data in use, only passwords are encrypted. For example, your username, the comments, or the list of people you are sharing a password with are not encrypted using OpenPGP, and are stored in plaintext on both the client and server side. Obviously passwords have to be available in decrypted form at some point (the later the better), but they are never stored in plaintext on the filesystem on either the client or server side.
For the data in motion, i.e. at the transport layer, all communication is encrypted using SSL. The strength of the security at that level is not controlled by passbolt itself but by a combination of other factors, such as the level of security of the organization issuing the certificate and the operating system configuration chosen by the hosting provider.
For the data at rest, on most clients and servers it is also possible to encrypt the database at the filesystem level. This adds another encryption layer that can be useful, for example, when the machine running passbolt is seized or stolen.