All information is exclusively exchanged via TLS secured channels. This applies to the transport of data as well as to the communication of SEGULINK application with its backend system. Therefore all data is secured against eavesdropping on its way from the sender to the recipients.
All data is additionally encrypted with an AES-256 cipher in the Galois-Counter-Mode using a completely random password. Each file gets its own password and random filename.
This encryption is done within the SEGULINK application (Desktop App, Chrome App, Web App). If you use cloud storages for exchanging your data, only encrypted and non-traceable files will be transferred to the external storage.
Key exchange: ECDH
If you want to send files to another SEGULINK registered user, the application uses the public Elliptic Curve Diffie-Hellman key for securing the random file transfer passwords (which are used for the actual file encryption). This encrypted message is then transferred to the recipient, either directly or by using an intermediate cloud store. Only the recipient is able to decrypt the message by accessing his private ECDH crypto key. Access to the private keys is restricted by an additional secret, which is exclusively known to the recipient.
Password derivation: PBKDF2
Every password used in SEGULINK is derived first by using the standard password derivation algorithm PBKDF2 with a unique salt and many thousands of iterations. Therefore brute force and dictionary attacks on derived passwords are effectively made useless.
Key management: Online or Offline
Key management is at the core of every security solution. With SEGULINk you can choose: use the embedded key management functionality ot the SEGULINK plattform for simple and convenient access to your crypto keys from every device. In this case your private keys are uploaded to the SEGULINK server, but only after they have been encrypted by a password solely known to you. You can also choose to manage your private keys by yourself, thus preventing your keys to leave your local system. But of course then you need to take care about key vault import and backup by yourself.