How are my private keys protected?
When a user registers on FortKnoxster.com – 4 sets of RSA key-pairs are generated, 3 sets of elliptic curve (EC) key-pairs and 7 Key Protector(s) (one per private key) in the client’s browser.
These encryption and identity key-pairs are used for different services and protocols, such as inbox, chat, calling, file storage & account settings. Unlike other known encryption protocols, each of FortKnoxster’s services or protocols needs two sets of key-pairs, one for encryption and decryption and one for signing and verification.
The key protector is used to encrypt/wrap each private key which is only known to the user.
The user’s plain password is used to form two passwords in the client, the account password, and the root key.
Please note: The user’s plain password is only known to the user and it is very important to understand that the user’s plain password and the root key are never ever sent to the servers.
The account password is a cryptographic hash of the plain password using the PBKDF2 algorithm with SHA-256 as the hashing algorithm, which performs 20,000 rounds of hashing operations (key stretching) and takes the firstname.lastname@example.org as a salt. The outcome is a strong password, which is sent to the server and stored as another cryptographic hash using the BCRYPT key derivation function. This password is only used to authenticate the user and cannot decrypt any of the users’ data.
The root key is computed the exact same way as the account password, but takes a 32-byte randomly generated salt and 50,000 rounds of hashing, and therefore is a completely different password. The root key forms a 32-byte AES key which is used to encrypt/wrap a Key Protector with AES-KW.
At this point each RSA and EC private key are encrypted/wrapped with AES-GCM with the 32-byte key protector, which is locked by the 32-byte root key, each forming a key container. All the public keys and protected key containers are sent to the server during the registration, along with the user details and account password.
When a user changes password, the account password is changed the same way as above and all the key protectors are re-encrypted with the new root key computed the same crypto operations above and replaced in the key containers.
When a user enables the account recovery feature, a new key protector is added to each key container, using the recovery key as the root key in the above crypto operations.