Enkryptify Share is a robust, secure secret-sharing solution built upon the same security principles that power our main Enkryptify platform. This tool enables users to share sensitive information securely without requiring an account, making it freely accessible to everyone.

How it Works

Enkryptify Share provides three customizable options for secret sharing: direct value sharing, expiration after a specific time, and expiration after a set duration. Our system automatically deletes shared secrets once they reach their expiration criteria, ensuring sensitive information doesn’t persist longer than necessary.

The platform implements end-to-end encryption, ensuring that sensitive data remains protected throughout the transmission process. The encryption and decryption processes follow rigorous security protocols:

Encrypting a value

  1. A cryptographically secure random passphrase (512-bit) is generated
  2. The system derives a symmetric key using:
    • The generated passphrase
    • A random salt
    • 600,000 rounds of PBKDF2
  3. The secret value is encrypted using AES-256-GCM with the derived symmetric key
  4. The encrypted value is transmitted to the server without the key or passphrase
  5. A URL is generated containing:
    • The encrypted value’s unique identifier
    • The key as a query parameter (?key=)

Decrypting a value

  1. The system parses the shared URL to extract:
    • The encrypted value’s identifier
    • The decryption key
  2. A server request retrieves the encrypted value
  3. The server validates:
    • The existence of the encrypted value
    • The expiration status
  4. Upon validation, the encrypted value is returned to the user
  5. A symmetric key is regenerated using
    • The passphrase
    • The original salt
    • 600,000 rounds of PBKDF2
  6. The value is decrypted using AES-256-GCM with the regenerated symmetric key

Contact and Reporting

For security-related inquiries or to report potential vulnerabilities, please contact our security team at security@enkryptify.com. We encourage responsible disclosure and work closely with security researchers to maintain the highest security standards.

Last updated: 27 Nov. 2024