
#5363 Reply

Svante
Spectator

Hi Jimb,

c) is the closest to the actual situation, but there’s more to it.

First, when you sign up for AxCrypt, you get what we call your AxCrypt ID. Technically, this is an RSA-4096 key pair. A key pair consists of two encryption keys – a public key and a private key. The public key is non-secret, and can only be used to encrypt data. The private key is secret, and can only be used to decrypt data.

On our server, we store your AxCrypt ID – the public key in plain text, available for anyone with an account to get, and the private key encrypted with your password as an AxCrypt-file.

To encrypt a file, the following (simplified) happens:

1 – A random 128 or 256-bit key is generated. We call this the master file encryption key, or session key.

2 – The file is encrypted using AES-128 or AES-256 with the master key.

3 – The master key is encrypted with your password and added to the encrypted file.

4 – The master key is encrypted with the public key of your AxCrypt ID.

5 – Optionally, the master key is encrypted with the public key of any other recipients that are configured using the key sharing feature.

So, to decrypt a file, you need access to either the original password used *or* the private key corresponding to any public key used to encrypt the master key – i.e. the private key part of your AxCrypt ID.

When you change the password of your AxCrypt sign in, what really happens is that the private key is decrypted with the old password, and then re-encrypted with the new password.

Therefore, as long as you have access to your AxCrypt ID, you can open any file encrypted with it, using the new password. So, yes, there is a way for us to change how you open files on computer A, even if you changed the password on computer B (as long as computer A is allowed to sign in to our server at least once).

As a safety measure, we also, as mentioned, always encrypt the master key with the password itself; this protects you from the scenario that you, for whatever reason, lose access to your AxCrypt ID.

All of the above is a simplified version; the details are more complex, but it’s all done using well-known standard cryptographic techniques and methods. For full details, please check out https://forum.axcrypt.net/documentation/technical/.
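The key-wrapping scheme described in the reply above, as an added example that is not AxCrypt's code or part of the original post: it shows why a password change only re-encrypts the private key and leaves existing files readable. It assumes the Python `cryptography` package; RSA-OAEP, AES-GCM, PBKDF2, encrypted PKCS#8, the 2048-bit demo key size and all function and field names are assumptions, since the post names only RSA-4096 and AES-128/256.

```python
import os, hashlib
from cryptography.hazmat.primitives import hashes, serialization as ser
from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Assumed primitives (the post names only RSA-4096 and AES-128/256):
# RSA-OAEP, AES-GCM, PBKDF2 and encrypted PKCS#8 stand in for AxCrypt's real formats.
OAEP = padding.OAEP(padding.MGF1(hashes.SHA256()), hashes.SHA256(), None)

def seal(key, data):  # AES-GCM with a random nonce prepended to the ciphertext
    nonce = os.urandom(12)
    return nonce + AESGCM(key).encrypt(nonce, data, None)

def unseal(key, blob):
    return AESGCM(key).decrypt(blob[:12], blob[12:], None)

def kek(password, salt):  # password-derived key-encryption key
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def lock_private(priv, password):  # the copy of the private key kept on the server
    return priv.private_bytes(ser.Encoding.PEM, ser.PrivateFormat.PKCS8,
                              ser.BestAvailableEncryption(password.encode()))

def new_id(password, bits=2048):  # post says RSA-4096; smaller here to keep the demo fast
    priv = rsa.generate_private_key(public_exponent=65537, key_size=bits)
    return priv.public_key(), lock_private(priv, password)

def change_password(locked, old, new):  # only the private key is re-encrypted
    return lock_private(ser.load_pem_private_key(locked, old.encode()), new)

def encrypt_file(plaintext, password, public_keys):
    master, salt = os.urandom(32), os.urandom(16)            # step 1
    return {"body": seal(master, plaintext),                  # step 2
            "salt": salt,
            "pw_wrap": seal(kek(password, salt), master),     # step 3
            "pk_wraps": [pk.encrypt(master, OAEP) for pk in public_keys]}  # steps 4-5

def decrypt_with_password(f, password):
    return unseal(unseal(kek(password, f["salt"]), f["pw_wrap"]), f["body"])

def decrypt_with_id(f, locked, password):
    priv = ser.load_pem_private_key(locked, password.encode())
    for wrap in f["pk_wraps"]:
        try:
            return unseal(priv.decrypt(wrap, OAEP), f["body"])
        except ValueError:  # this wrap was made for a different public key
            continue
    raise ValueError("no key wrap in this file matches the AxCrypt ID")
```

After `change_password`, a file made earlier still opens through `decrypt_with_id` with the new password, while `decrypt_with_password` on that same file still requires the password that was in use when it was encrypted.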