All information is exclusively exchanged via TLS secured channels. This applies to the transport of data as well as to the communication of SEGULINK application with its backend system. Therefore all data is secured against eavesdropping on its way from the sender to the recipients.

All data is additionally encrypted with an AES-256 cipher in the Galois-Counter-Mode using a completely random password. Each file gets its own password and random filename.

This encryption is done within the SEGULINK application (Desktop App, Chrome App, Web App). If you use cloud storages for exchanging your data, only encrypted and non-traceable files will be transferred to the external storage.

If you want to send files to another SEGULINK registered user, the application uses the public Elliptic Curve Diffie-Hellman key for securing the random file transfer passwords (which are used for the actual file encryption). This encrypted message is then transferred to the recipient, either directly or by using an intermediate cloud store. Only the recipient is able to decrypt the message by accessing his private ECDH crypto key. Access to the private keys is restricted by an additional secret, which is exclusively known to the recipient.

Every password used in SEGULINK is derived first by using the standard password derivation algorithm PBKDF2 with a unique salt and many thousands of iterations. Therefore brute force and dictionary attacks on derived passwords are effectively made useless.