Skip to content

Encryption Model

Cryptographic Details

Parameter Value
Algorithm AES-256-GCM
Key Size 256 bits
Mode GCM (authenticated encryption)
IV 96 bits, randomly generated per file
Auth Tag 128 bits
Key Derivation PBKDF2-HMAC-SHA256, 600,000 iterations
Key Wrapping AES-KW (RFC 3394)

Key Hierarchy

Master Key (customer-held, never transmitted)
    ↓ derives
File Key (unique per file)
    ↓ wraps
Share Key (per recipient, time-limited)

Demo

Try encryption in your browser: cyfr.technology/demo/vault