Locker Password Manager (also referred to as Locker) is a cross-platform password management solution: Locker can be used as a Web, Mobile, Browser Extension, and Desktop application.

Trusted Data Access: We make sure you can reliably and securely manage and access your confidential data whenever and wherever you need it, whether you are offline or online.

To ensure the keys stored on the Locker servers can be used only by their owners, Locker applies the two-secret key derivation in symmetric key generation for encryption and decryption of data stored on the servers.

A cryptographic hash function is an algorithm that maps data of an arbitrary size to a bit array of a fixed size.

The Master Password is an important secret component in Locker’s Two-secret Key Derivation process, and is the only item a user needs to memorize for data encryption and decryption.

The other component of the Two-secret Key Derivation is the Encryption Keys, generated when a user registers a Locker account.

A system with End-To-End Encryption is a communication system in which all data can be read and modified only by the conversation participants.

Zero-Knowledge Proof is a method for one party (the prover) to prove to another party (the verifier) that a statement of the prover is true without telling the verifier that statement.

AES-256-CBC (Cipher Block Chaining), the algorithm used to encrypt Vault, is a standard cryptographic algorithm and is used by the US government and other government agencies worldwide.

The PBKDF2 (Password-based Key Derivation Function 2) SHA-256 algorithm is for generating Encryption Keys from a user’s Master Password.

An RSA key pair consists of a Private Key and a Public Key. The RSA algorithm is often used for digital signature verification and key exchange problems.

The secret data storage or Vault is where all encrypted data of users is stored on the Locker servers. All of the Vault data cannot be decrypted or read without the Vault owner’s Master Password.

A pseudorandom number generator (PRNG) is an algorithm for generating a sequence of numbers whose properties approximate those of a sequence of random numbers.

Registering a Locker account needs 2 main steps: Sign up for a Locker account and Create a Master Password.

Similar to Account Registration, Account Authentication involves 2 steps: Authenticate the Locker account and Authenticate the Master Password.

Locker uses the AES-256-CBC Encryption algorithm to encrypt Vault and uses the Password-based Key Derivation Function 2 algorithm to generate encryption keys for the AES-256-CBC Encryption.

User data in the Vault has been fully encrypted before being saved to the Locker database. The data will be decrypted only at the Locker Client for users to access and view.

In addition to offering users an option of managing their confidential data with the Vault and security keys, Locker enables users to create Organizations or User Groups for sharing confidential data among group members.

When a Locker user initiates an Organization to share data, the following actions are performed: The Client generates an Org Symmetric Key encryption key for the Organization using the Cryptographically Secure Pseudorandom Number Generator.

One purpose of Organization Initialization in Locker is to share data among group members.

Locker uses cloud services from some of the world’s leading providers for its infrastructure. These suppliers all have to meet minimum industry standards.

Product Security is paramount to Locker before we bring the product to users. We believe that securing a product is not a one-time event but a continuous process.