Encryption

The product uses a randomly generated cryptographic key to encrypt uploaded files and other secrets.

To generate a new cryptographic key:

1. Go to "Settings" → "Security" → "Encryption."

2. Click the "Generate Key" button.
3. Confirm the action in the appearing window.

4. Select "Cancel" to abort. Select "Confirm" to continue.
5. The new cryptographic key will be generated, and a one-time chance to download it will be provided. Store it securely in a file.

6. If storage is dismissed by mistake, generate a new encryption key. The previous key will be automatically removed by the system.

The system uses the AES algorithm with CBC mode and PKCS7 padding to generate cryptographic keys. Newly created keys are stored as UTF8-encoded hexadecimal characters.

Once a new encryption key is generated, it will be used for all subsequent file uploads. Files uploaded prior will remain encrypted with the old keys.

Example

1. File1 and File2 are encrypted with key A.
2. User generates key B => key A becomes obsolete.
3. User uploads File3.
4. File3 is encrypted with key B.
5. System runs a cleanup check and finds that key A is obsolete but is still used to encrypt files File1 and File2; thus, it is not removed.
6. User generates key C => key B becomes obsolete similar to key A.
7. User deletes files File1 and File3.
8. System runs a cleanup check and deletes key B (obsolete + no encrypted files). Key A still has one file (File2) encrypted with it so it is left intact. Key C has no files encrypted with it but it is still the active key, so it remains intact, too.