Here’s how it works, briefly, to encrypt a file.
1. A 128- or 256-bit key is generated with a strong cryptographic pseudorandom number generator.
2. The file is encrypted with this key.
3. The key is encrypted using an iterative algorithm called NIST AES Key Wrap, with the number of rounds determined by the speed of your device. I.e. the faster the computer, the stronger the key encryption is.
4. The key is also encrypted using your public RSA-4096 key we generated for you.
5. The key is also encrypted using the public RSA-4096 keys of people you have enabled key sharing with.
6. All of these versions of the encrypted key are included in the file, both at the start and at the end for redundancy.
Your private RSA-4096 key, which we store on the server for backup and device synchronization/initialization purposes, is encrypted with AxCrypt, using your password with the above procedure but with steps 4 & 5 skipped for obvious reasons.
Once you have signed in for the first time on a device, your private key is cached locally and Internet access is no longer required.
Hope this clears things up!