Encryption Model¶
Cryptographic Details¶
| Parameter | Value |
|---|---|
| Algorithm | AES-256-GCM |
| Key Size | 256 bits |
| Mode | GCM (authenticated encryption) |
| IV | 96 bits, randomly generated per file |
| Auth Tag | 128 bits |
| Key Derivation | PBKDF2-HMAC-SHA256, 600,000 iterations |
| Key Wrapping | AES-KW (RFC 3394) |
Key Hierarchy¶
Master Key (customer-held, never transmitted)
↓ derives
File Key (unique per file)
↓ wraps
Share Key (per recipient, time-limited)
Demo¶
Try encryption in your browser: cyfr.technology/demo/vault