Two-secret Key Derivation

To ensure the keys stored on the Locker servers can be used only by their owners, Locker applies two-secret key derivation when generating the symmetric keys that encrypt and decrypt data stored on the servers.

In the encryption step, the user creates a stretched master key, which is the first secret. A Cryptographically Secure Pseudorandom Number Generator (CSPRNG) then generates a secure random symmetric key, which encrypts the data and serves as the second secret. These two secrets are fed as input to the AES-256-CBC algorithm, which produces a completely new key for storage on the servers.

In the decryption step, the stretched master key again acts as the first secret, and the second secret is the key that was created in the encryption step described above and is retrieved from the servers. These two secrets are used to derive the original symmetric key for data decryption.
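
An added example (not Locker's own code) of the encryption and decryption steps above in Node.js. The scrypt stretching, the HMAC integrity tag, the function names and the sample values are assumptions, since the page names only AES-256-CBC and a CSPRNG.

```javascript
const nodeCrypto = require('node:crypto');

// First secret. Assumption: scrypt stands in for the stretching step, which
// the page does not specify. 64 bytes = AES-256 key + HMAC-SHA256 key.
function stretchMasterKey(password, salt) {
  const okm = nodeCrypto.scryptSync(password, salt, 64);
  return { encKey: okm.subarray(0, 32), macKey: okm.subarray(32) };
}

// Second secret: a random 256-bit symmetric key from the CSPRNG.
function newSymmetricKey() {
  return nodeCrypto.randomBytes(32);
}

function tag(macKey, iv, ct) {
  return nodeCrypto.createHmac('sha256', macKey).update(iv).update(ct).digest();
}

// Encryption step: AES-256-CBC under the stretched master key turns the
// symmetric key into the blob that is stored on the server.
function wrapKey(stretched, symKey) {
  const iv = nodeCrypto.randomBytes(16); // fresh IV for every wrap
  const c = nodeCrypto.createCipheriv('aes-256-cbc', stretched.encKey, iv);
  const ct = Buffer.concat([c.update(symKey), c.final()]);
  // Assumption: the HMAC is added here because CBC alone is unauthenticated.
  return { iv, ct, mac: tag(stretched.macKey, iv, ct) };
}

// Decryption step: verify the blob, then recover the original symmetric key.
function unwrapKey(stretched, blob) {
  const expected = tag(stretched.macKey, blob.iv, blob.ct);
  if (!nodeCrypto.timingSafeEqual(expected, blob.mac)) {
    throw new Error('wrong master key or tampered blob');
  }
  const d = nodeCrypto.createDecipheriv('aes-256-cbc', stretched.encKey, blob.iv);
  return Buffer.concat([d.update(blob.ct), d.final()]);
}

// Constructed sample values: the owner wraps a key and unwraps it again.
const salt = Buffer.from('user@example.com');
const owner = stretchMasterKey('constructed passphrase', salt);
const symKey = newSymmetricKey();
const stored = wrapKey(owner, symKey); // this is all the server holds
console.log(unwrapKey(owner, stored).equals(symKey));
```

The server only ever holds `stored`; without the stretched master key the blob neither verifies nor decrypts.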
