Skip to content
/ Advanced-Encryption-PoC Public

How to encrypt and decrypt values in a project and let anyone with access use the data

enkryptify.com

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

SiebeBaree/Advanced-Encryption-PoC

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
src
src
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
package.json
package.json
 
 
pnpm-lock.yaml
pnpm-lock.yaml
 
 
tsconfig.json
tsconfig.json
 
 

Repository files navigation

Encryption PoC

This proof of concept demonstrates how to encrypt and decrypt values in a project and let anyone who has access to the project to use the encrypted values. This PoC uses a zero-knowledge-first approach, meaning that the encryption key is never shared with the backend.

How it works

Enkryptify employs a zero-knowledge-first approach to ensure the secure storage and sharing of secrets. This means that all secrets are encrypted on the client side before they reach our API, guaranteeing that the API cannot access the value of any secret.

When a user logs in, a private key is generated locally using 600,000 rounds of the Password-Based Key Derivation Function 2 (PBKDF2) with SHA256 as the digest. This private key then generates an asymmetrical x25519-xsalsa20-poly1305 key using the TweetNaCl.js library. Only the public key is sent to the server, keeping the private key secure on the client side.

Upon creating a project, a randomly generated project key is encrypted on your device using your public key. The encrypted project key is then sent to the server. The plaintext project key is only temporarily stored in the client's memory and is promptly removed after use. All secret values created are encrypted on the client side using AES-256-GCM with the project key before being sent to the server, thereby maintaining the zero-knowledge-first principle. On the server, they undergo an additional layer of encryption using AES-256-GCM, ensuring double AES protection on both client and server sides. When an admin adds a new user to a project, the admin can encrypt the project key for the new user and update the server.

Certain integrations need secrets to be decrypted on the server for communication with these integrations. Even in these cases, all secrets are securely encrypted. Integrations that compromise the zero-knowledge principle are clearly marked with a red shield icon and trigger a confirmation pop-up. To revert this decision, all integrations marked by the red shield must be disabled.

This PoC is used as research for Enkryptify, a secure secrets management platform that employs a zero-knowledge-first approach to ensure the secure storage and sharing of secrets. Visit enkryptify.com for more information and visit the security page for a detailed explanation of our security measures.

How to run

  1. Clone the repository
git clone https://github.com/SiebeBaree/Advanced-Encryption-PoC.git
  1. Install the dependencies
pnpm install
  1. Run the project
pnpm start

About

How to encrypt and decrypt values in a project and let anyone with access use the data

enkryptify.com

Topics

encryption aes secret-management tweetnacl secrets-manager zero-knowledge-encryption

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Languages