Data Decryption
User data in the secret vault is fully encrypted before it is saved to the Locker database. It is decrypted only on the Locker Client, so that users can access and view it. As with encryption, decryption is performed if and only if account authentication has already completed successfully, and it is performed entirely on the Client side. The decryption process consists of the following steps:

- The Client retrieves the Encrypted Symmetric Key and Encrypted Vault Item from the Locker server.
- The Client uses the Master Password entered by the user to generate the Stretched Master Key.
- The Client uses the Stretched Master Key and the AES-CBC-256 algorithm to decrypt the Encrypted Symmetric Key, obtaining the Symmetric Key.
- The Client decrypts the Encrypted Vault Item using the AES-CBC-256 algorithm with the Symmetric Key as the key.
- The Client obtains the Vault Item and displays it to the user.
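
The chain described above, sketched in Node.js as an added example (not Locker's own code). The KDF (PBKDF2-HMAC-SHA256 salted with the account e-mail, 600,000 iterations), the IV-then-ciphertext blob layout, and all function names are assumptions, since the page specifies only AES-CBC-256.

```javascript
// Added example, not Locker's code: the decryption chain from the steps above.
const nodeCrypto = require("node:crypto");

// ASSUMPTION: the page does not name the KDF or its parameters. PBKDF2-HMAC-SHA256,
// salted with the account e-mail, stands in for "generate the Stretched Master Key".
function stretchMasterKey(masterPassword, email, iterations = 600000) {
  return nodeCrypto.pbkdf2Sync(masterPassword, email, iterations, 32, "sha256");
}

// AES-256-CBC over a hypothetical blob layout: 16-byte IV followed by ciphertext.
function aesCbcDecrypt(key, blob) {
  const d = nodeCrypto.createDecipheriv("aes-256-cbc", key, blob.subarray(0, 16));
  return Buffer.concat([d.update(blob.subarray(16)), d.final()]);
}

// Encryption helper, used only to construct the sample blobs below.
function aesCbcEncrypt(key, plaintext) {
  const iv = nodeCrypto.randomBytes(16);
  const c = nodeCrypto.createCipheriv("aes-256-cbc", key, iv);
  return Buffer.concat([iv, c.update(plaintext), c.final()]);
}

// Constructed stand-in for the retrieval step: the two blobs the server would return.
function buildSample(masterPassword, email, item) {
  const symKey = nodeCrypto.randomBytes(32);
  return {
    encSymKey: aesCbcEncrypt(stretchMasterKey(masterPassword, email), symKey),
    encVaultItem: aesCbcEncrypt(symKey, Buffer.from(item, "utf8")),
  };
}

// After retrieval: Master Password -> Stretched Master Key -> Symmetric Key -> Vault Item.
// A wrong password normally surfaces as a padding error from d.final(); CBC itself
// carries no integrity check, and the page describes none, so none is modelled.
function decryptVaultItem(masterPassword, email, encSymKey, encVaultItem) {
  const stretched = stretchMasterKey(masterPassword, email);
  let symKey;
  try {
    symKey = aesCbcDecrypt(stretched, encSymKey);
    if (symKey.length !== 32) throw new Error("unexpected Symmetric Key length");
    return aesCbcDecrypt(symKey, encVaultItem).toString("utf8");
  } finally {
    stretched.fill(0);            // wipe key material once the item is decrypted
    if (symKey) symKey.fill(0);
  }
}
```

Only the two encrypted blobs ever leave `buildSample`; the Symmetric Key exists in plaintext only inside `decryptVaultItem`, which mirrors the page's point that decryption happens entirely on the Client.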
