zkBox security

Why is different?

Because no one, not even the zkBox team, but the owner, can read the data saved into the system. The data is encrypted and decrypted only by the clients and it is never traveling in clear form. Each client has its own encryption key.


zkBox is a zero-knowledge application. In short, this means that we don't know anything about the data that is stored in the system. We don't even know the name of the users that are in the system.

I'm a nerd. What's under the hood?

zkBox uses well known security algorithms to perform authentication and to encrypt your data. Moreover, the hosted installation of zkBox uses Amazon Web Services, a reliable and scalable storage solution for the zkBox data.

The authentication algorithm is SRP-6a, the data encryption is performed using AES256. Additionally, digests are computed using SHA512 and the random numbers are generated using a TRNG when possible, with fallback to PRNG.
A zkBox installation consists of several API instances behind a load balancer. An instance is dealing with a part of the client calls and the most important underlying components are:
- the authentication and authorization layer
- the distributed cache per installation (Velocity)
- the storage layer (depending on the installation type can be SQL Server or Amazon S3 + Amazon SimpleDB)