Our Data Encryption Technology
Wimi Armoured has unique technology in place to encrypt the data surrounding your sensitive projects.
Wimi Armoured uses a Trustchain for automatic key exchange and each employee action is recorded in an unalterable log.
The encryption system is ultra-fast and invisible to your users.
Data is encrypted on your devices using your private key and the Trustchain BEFORE being sent to our servers. Neither we nor anyone else can decipher it.
Every user has their own keys, which are linked to their encrypted identities (devices). There is no master key.
The unlocking service allows users to openly access their encrypted data on all their devices.
Wimi Armoured is based on an open-source encryption library and Elliptic Curve Cryptography.
Data is decrypted locally on the user’s device and is inaccessible to all other users and unreadable on the Wimi Armoured servers.
Data sharing between users triggers the exchange of their confidential key information through the Trustchain: an inviolable log of cryptographic data and a system for distributing keys linked to identities.
The local cryptographic information is encrypted with the Wimi Armoured user token. The latter is distributed on the Wimi Armoured site with the aid of a two-factor identification system.
Wimi Armoured uses end-to-end encryption to secure the data directly on the user’s device. The data encrypted with Wimi Armoured is accessible on each of the user’s devices and can be shared with other users in an autonomous and invisible way.
Wimi Armoured stores your previously encrypted data on your device. Managing your encrypted data does not require any specific action on your part: Wimi Armoured looks after everything! The public keys needed to access your data are automatically transferred via Wimi Armoured servers, in an encrypted form. Wimi Armoured cannot access keys or data.
An electronic certificate (public key) can be considered a digital identity card. It is used mainly to authenticate an actual or legal entity, but also to encrypt exchanges. It is signed by a trusted third party that attests to the link between the actual identity and the digital (virtual) entity.
No. The data is encrypted and decrypted on the client side. The keys are only accessible to the users.
Wimi Armoured cannot access keys or data. Wimi Armoured is not able to read, modify or transfer your data; only allowed users can (with their private keys).
If our servers were hacked, the hackers would not have access to the public keys or to the encrypted data. The keys and the data are therefore unusable. This separation of responsibilities between two parties (Wimi Armoured storing the data and encrypted keys, your users keeping the private keys) makes data leakage impossible.
The Trustchain and unlocking system are coded in Go, backed by PostgreSQL and deployed via Kubernetes.
The Wimi Armoured procedures are based on Cryptobox and Secretbox of libsodium:
– Cryptobox is used for the asymmetric encryption of data keys
– Secretbox is used for the encryption of data
By using Elliptic Curve Cryptography (ECC), Wimi Armoured works with the smallest keys, which increases the speed of data transmission without any impact on security.
– Ed25519 for signatures
– X25519 for asymmetric encryption
– XChaCha20-Poly1305 for symmetric encryption
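
An added example, not Wimi Armoured's code, of the layering described above: a random data key encrypts the document and is itself wrapped for each recipient with a key derived from an X25519 exchange. It uses only Node.js's built-in crypto module, so ChaCha20-Poly1305 and a SHA-256 hash of the shared secret stand in for libsodium's Secretbox and Cryptobox; the function names and the stored record layout are assumptions.

```javascript
const crypto = require('node:crypto');
const AEAD = 'chacha20-poly1305'; // built-in stand-in for Secretbox's XChaCha20-Poly1305

// Encrypt msg under a 32-byte key; output is nonce || ciphertext || 16-byte tag.
function seal(key, msg) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv(AEAD, key, nonce, { authTagLength: 16 });
  return Buffer.concat([nonce, c.update(msg), c.final(), c.getAuthTag()]);
}

// Decrypt a sealed box; throws if the key is wrong or any byte was altered.
function open(key, box) {
  if (box.length < 28) throw new Error('truncated box');
  const d = crypto.createDecipheriv(AEAD, key, box.subarray(0, 12), { authTagLength: 16 });
  d.setAuthTag(box.subarray(box.length - 16));
  return Buffer.concat([d.update(box.subarray(12, box.length - 16)), d.final()]);
}

// Key-encryption key both ends can compute: SHA-256 over the X25519 shared secret
// (assumed stand-in for the key agreement that Cryptobox performs).
function kek(privateKey, publicKey) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return crypto.createHash('sha256').update(shared).digest();
}

// Owner side: one random data key per document, wrapped once per recipient.
// The returned record is everything a server would hold: ciphertext only.
function shareFile(ownerPriv, recipients, data) {
  const dataKey = crypto.randomBytes(32);
  const wrappedKeys = {};
  for (const [name, pub] of Object.entries(recipients)) {
    wrappedKeys[name] = seal(kek(ownerPriv, pub), dataKey);
  }
  return { blob: seal(dataKey, data), wrappedKeys };
}

// Recipient side: unwrap the data key with the private key, then decrypt the blob.
function readFile(myPriv, ownerPub, name, record) {
  const dataKey = open(kek(myPriv, ownerPub), record.wrappedKeys[name]);
  return open(dataKey, record.blob);
}

// Constructed sample run: alice shares one document with bob.
const alice = crypto.generateKeyPairSync('x25519');
const bob = crypto.generateKeyPairSync('x25519');
const record = shareFile(alice.privateKey, { bob: bob.publicKey }, Buffer.from('constructed sample document'));
console.log(readFile(bob.privateKey, alice.publicKey, 'bob', record).toString());
```

A party that holds only the stored record and some other private key cannot unwrap the data key, and any change to the stored bytes makes decryption fail instead of returning altered plaintext.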