Keys? We don't need no keys. How to share and encrypt without sharing the key.


So many keys, so little time


One of the big issues and barriers with encryption is key management – You need a strong, random, hard to guess key that both parties know, you need to share this key with the other party, and managing how to store the key somewhere safe is a serious impediment to widespread adoption of encryption.

Any security focused app that want's to be successful needs a user experience that hides many of the steps needed to secure data while at the same time, securing the data. And even more importantly - You need to take the decision whether or not to encrypt out of the hands of your team by making it seamless and transparent.


With DropVault we try to address the issue of managing your keys – We let you share conversations and documents with anyone without ever sharing the encryption key.

How does this work?


When you create a channel and choose an encryption key, we also create a password.  For every user you invite to access the channel, we also create a unique password for them. This password is one of the pieces needed to access the key. The important piece is that key itself is never shared.

Why this makes a difference?

By just having a password for each user, we are keeping the key secret. This improves security and also means that when a user or customer leaves or no longer requires access to the channel, you simply remove the invite (and password). They walk away with no knowledge of the key itself.

Keys? We don’t need no keys


When you think that any communication with another party or person will likely involve more than one message, so generating and sharing a key for each message would be an administrative nightmare, and a user experience killer.

So we address this by grouping all communications (or conversations) with another party into a channel and then securing the channel with the key and the password.



By just having a password (and two factor authentication/Fido/Yubikey) the user experience is much better. Just invite someone to the channel, give them their password  and DropVault automatically decrypts all the conversations and documents in the channel - Can be one conversation or 100 conversations, with or without documents yet every single one is encrypted and secured.

Because the user is already in the channel and authenticated, adding a new conversation or document is simple and the encryption is transparent. Just add or reply, attach your documents and save. In the background, Dropvault encrypts and adds it to the channel.

We don't need to ask for any keys or passwords to save or send. That's a user experience that makes your team share securely by default.

Why this makes sense




You now have a highly secure way to share encrypted conversations and documents while keeping the user experience as good as it can get.


  • You also make your documents more secure because you never compromise the key – this is always held by the business and never by the user that is accessing the content.
  • You can revoke access at any time – The key never needs to be changed because it’s never been shared.
  • By keeping conversations inside a secured channel, you allow the user to interact and view any message or document without the need to manage keys for each message. This increases productivity and time in the app while ensuring security.
  • With the entire channel being secured, the decision to secure a message or document is no longer a choice for the user.  This is security by default and makes you sharing 
That's it. You now have a platform for sharing securely with your team or your customers and never sharing the key. What's more is that it is security by design and by default. Anything shared using your DropVault channel is secured and the decision to secure it is not left to your team. 



Comments

Popular posts from this blog

Why email sucks as a secure collaboration tool

So many parties, so little time - How Dropvault brought secure collaboration to property conveyancing