What do you precisely keep on your servers and why ?

This topic contains 6 replies, has 2 voices, and was last updated by  Michel 1 year, 2 months ago.

  • #5704 Reply

    Michel

    Hello,

    My main question is in the subject :-)

    I’m a user of the previous version, and about security, I’m not comfortable with the private key being somewhere in the cloud.

    Best regards

    #5707 Reply

    Svante
    Keymaster

    Hello Michel,

    It’s an important question to have a good answer for, so we’ve updated https://www.axcrypt.net/documentation/technical/ with this information.

    #5712 Reply

    michel

    Thanks for your reply, Svante.

    Don’t mind, but that replies only to the “what” and not to the “why” :-). More precisely, why keep a copy of the private key; encrypted or not, that’s not the matter. That would be a real concern for some of our customers.

    Best regards.

    Michel

     

     

    #5715 Reply

    Jeremy

    michel – not storing an encrypted copy of your private key would make it very difficult to share files with other people. It’s also a good idea to have an escrowed (stored on the server) private key in case of virus infection on the endpoint.

    Having the key escrowed is no different to uploading an encrypted file to the cloud. If somebody can break into the encrypted private key then they could also break into the file without the private key. It makes no difference.

    #5717 Reply

    Michel

    Hello Jeremy,

    In my opinion, another people need only my public key to decrypt what I’ve encrypted with my private key, private means private :-)

    Meanwhile, in a perfect world, if he edited the file and sent it back to me, he should use his private key and I his public key to read it.

    I’m not sure how AxCrypt works on this point.

    Michel

    #5720 Reply

    Svante
    Keymaster

    Hi Michel,

    Jeremy points out the gist of the matter.

    The “why” for most of the information should be obvious, but let’s expand on the encrypted private key. Just as Jeremy states, it serves as a backup should your device be lost or destroyed. More importantly, we use it to keep it synchronized across devices, so if you have two PCs or a mobile phone, we’ll automatically download the private key to your device so you don’t need to keep track of it.

    As to the security, Jeremy formulates it perfectly: “Having the key escrowed is no different to uploading an encrypted file to the cloud. If somebody can break into the encrypted private key then they could also break into the file without the private key. It makes no difference.”

    You’re mistaken when you say “another people need only my public key to decrypt what I’ve encrypted with my private key”. And it’s not a matter of opinion ;-) Think about it. It doesn’t make sense. Your public key is… public. Non-secret. If that was used to decrypt what you encrypted with your private key – where’s the security? It’s exactly the other way around.

    It’s the public key that’s used when sharing with someone, but it’s the private key that is needed when someone shares a file key with you.

    The public key of someone, perhaps yourself, gives anyone the capability to encrypt. But only the holder of the private key can decrypt that data. That’s why the private key is called private, because it’s private i.e. secret. It’s what enables you to decrypt something encrypted with your public, non-secret, key.
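The key roles and the escrow argument from the replies above, as an added example that is not part of the original thread and is not AxCrypt's own code or file format. It assumes the Python `cryptography` package, with RSA-OAEP, AES-GCM and a password-encrypted PKCS#8 PEM as stand-ins; all function names and the passphrase are constructed for illustration.

```python
import os
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)

def new_account(password: bytes):
    """Return (public_pem, escrow_blob); the blob is all a server would store."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    public_pem = key.public_key().public_bytes(
        serialization.Encoding.PEM, serialization.PublicFormat.SubjectPublicKeyInfo)
    # The private key is encrypted under the password before it leaves the device.
    escrow_blob = key.private_bytes(
        serialization.Encoding.PEM, serialization.PrivateFormat.PKCS8,
        serialization.BestAvailableEncryption(password))
    return public_pem, escrow_blob

def share_with(public_pem: bytes, plaintext: bytes):
    """Sender side: needs only the recipient's public key."""
    file_key = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(12)
    ciphertext = AESGCM(file_key).encrypt(nonce, plaintext, None)
    wrapped_key = serialization.load_pem_public_key(public_pem).encrypt(file_key, OAEP)
    return wrapped_key, nonce, ciphertext

def open_shared(escrow_blob: bytes, password: bytes, package):
    """Recipient side: password -> private key -> file key -> plaintext."""
    wrapped_key, nonce, ciphertext = package
    private_key = serialization.load_pem_private_key(escrow_blob, password=password)
    file_key = private_key.decrypt(wrapped_key, OAEP)
    return AESGCM(file_key).decrypt(nonce, ciphertext, None)

def can_unlock(escrow_blob: bytes, password: bytes) -> bool:
    """Holding only the server copy is not enough: the password is still required."""
    try:
        serialization.load_pem_private_key(escrow_blob, password=password)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    pub, blob = new_account(b"constructed sample passphrase")
    pkg = share_with(pub, b"quarterly report")
    print(open_shared(blob, b"constructed sample passphrase", pkg))
    print(can_unlock(blob, b"wrong guess"))
```

The strength of the stored blob therefore rests on the password, the same secret that protects a password-encrypted file.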

    #5722 Reply

    Michel

    Right Svante and Jeremy :-)

    My error is to have inverted the role of the private and the public key !

    Thanks for your replies.

    Michel
