Forums Community How does Axcrypt validate passwords if the private keys are encrypted on server? Reply To: How does Axcrypt validate passwords if the private keys are encrypted on server?

#8148 Reply


Hello Aaron,

You pose a very relevant question.

What we actually do on the server at this time, is to use the password manager encrypted XML as a vehicle to verify the password. We don’t actually decrypt or necessarily even keep a password manager file around, but instead in our handler for a sign in, we try to decrypt a “dummy” encrypted XML. If it succeeds, the password is verified. We’re not worried that this is a bad or insecure approach, but as mentioned in the original post, all security analysis is eased if complexity is reduced, so in the future we’ll be using the encrypted private key instead.

If you’re offline using a desktop app, we use the private key and we check to see if we can decrypt the private key AxCrypt-file in order to verify the password.  We don’t actually decrypt it – we just verify that we can.

Exactly how this is done is explained in the technical documentation of the AxCrypt file format. Briefly: All AxCrypt-encrypted files are encrypted with a random key uniquely generated for every time a file is encrypted. This key, the “session key” as it were, is then encrypted using the NIST AES Key Wrap algorithm using your password (and if it’s a normal file, also with your public key). So what we do when we encrypt the private key is we encrypt it with a random key, then encrypt that key with the NIST AES Key Wrap, and to verify we just attempt to unwrap the session key. The key wrap is self-verifying, so we’ll know if we get the right session key, and thus if the password is correct.

So, in either case, we don’t actually need to decrypt the private key in order to verify the password.