CommonKey's cryptography was developed to secure sensitive data and enable our users to share account credentials with trusted individuals.
To support the distribution of shared account information to trusted individuals, we implement a combination of 256-bit AES and 2048-bit RSA encryption, paired with TLS 1.2 cryptographic protocols for data transport, 5000 round PBKDF2 for symmetric key generation, and SHA cryptographic hash functions for message hashing.
When our users create a CommonKey account, a unique "key" is created that serves as the only means to decrypt their data. The data at rest on our cloud server, in transit, and at rest on their local machine stays encrypted at all times (host proof hosting). Data is decrypted on the local machine only when requested by the user through either the dashboard or browser extension interface. Once the user's call for data is complete, it returns to its fully encrypted state.
Sharing of data (e.g. accounts) is accomplished by establishing secure "relationships" between two users through an invitation process. The construct of these "relationships" enables our users to only share a specific set of data. Once the user who controls the data no longer desires to share with the other user, terminating the relationship removes the ability to access the specific data.
Anyone (including the CommonKey team) does not have access to a user's encrypted data as we believe our user's private information should be just that, private. This methodology has proven to be the optimal approach in ensuring our users and their companies are protected with the highest level of security possible, while still being able to share private information with trusted individuals.
Our cryptography approach protects our users' sensitive information from brute force attacks and intractability of mathematical problems (e.g. integer factorization), while still allowing for sharing with trusted individuals and access from multiple locations and machines.
Have more questions? Contact us at firstname.lastname@example.org.
We built CommonKey to provide a critical missing solution for small businesses, team password sharing and management. We've gone through extensive measures to verify our security protocols to ensure your data is secure when it's transmitted and stored with us. However, in the security world, there will always be known vectors intruders could use to capture your sensitive information. The following list are some of the known vectors that could lead to a compromise for individual CommonKey accounts and countermeasure recommendations to help you safeguard against such attacks.
We also feel it's important to share the Microsoft TechNet Essay, "Ten Immutable Laws of Security" by Scott Culp (link), regarding some generalities with regards to online security and anticipated vulnerabilities based on user's computer uesage and interactions.
Based on the Rijndael cipher, Advanced Encryption Standard (AES) was announced by the United States National Institute of Standards and Technology (NIST) in 2001 as US Federal Information Processing Standard Publication (FIPS PUB) 197, and has been validated through FIPS PUB 140-2. It currently serves as a federal government standard (approved by the Secretary of Commerce) and is included in the ISO/IEC 18033-3 standard. It is used by the National Security Agency (NSA) for top secret information. AES currently holds AES winner, CRYPTREC, NESSIE, and NSA certifications.
RSA (named after Ron Rivest, Adi Shamir, and Leonard Adleman) is where a user creates and then publishes the product of two large prime numbers, along with an auxiliary value, as their public key. The prime numbers are kept secret. Messages can be encrypted with the public key, only decrypted with knowledge of the two prime factors. RSA currently holds PKCS#1, ANSI X9.31, and IEEE 1363 certifications.
Transport Layer Security (TLS) is the predecessor to Secure Sockets Layer (SSL) that provides communication security over the Internet through the use of asymmetric cryptography for authentication of key exchange, symmetric encryption for confidentiality and message authentication codes for message integrity. TLS protocol allows client-server applications to communicate across a network in a way designed to prevent eavesdropping and tampering.
Password-Based Key Derivation Function 2 (PBKDF2) is a key derivation function that is part of RSA Labs' Public-Key Cryptography Standards (PKCS) series, which applies a pseudorandom function to the input password along with a salt value and runs iterations to produce a derived key.
Secure Hash Algorithm 2 (SHA-2) is a set of cryptographic hash functions designed by the US NSA and published by NIST as a US FIPS.