At PKHub we take security very seriously, and we do our utmost to keep with the latest industry security standards.
For communications we use HTTP2 always, with support for TLS1.2 and 1.3, our ciphers are also updated
and checked to ensure we always have the most secure ciphers in use.
Data like Secrets, Environments, Notes, Logins, are encrypted using AES256-CBC-HMAC-SHA-512 and all keys generated are secure random and 512 bits in length.
Your PKHub login account password is never stored on our systems, on registration we hash your password using Bcrypt with SHA512.
The hash is stored on our systems for login purposes.
We don’t store your master key
Only you have the keys to decrypt your data.
When you register we create a secure random 512 bit encryption key for your account. This key is encrypted with your password and can only be decrypted when you login.
When you create a Safe a secure random 512 bit key is created for that Safe, this is the key we use to encrypt all information stored in the Safe, and this is the key that is shared with other users you share
the Safe with. The Safe’s key is encrypted with your account key and with every user’s account key that the Safe is shared with.
HTTP2 requires end to end encryption, this means that proxies cannot intercept or decrypt any of the data between you and our servers, not even our own load balancers. This does make deployment more complex but increases security for you. No attacker can snoop on your data via any intermediate proxy. HTTP2 mandates TLS encryption, which means that by design and from the get go every single point of communication is encrypted.
Secure Session Cookies
We only use secure cookies, which means cookies are only transferred encrypted and our sessions cookies only contain a session id, which point to your encrypted session on our servers. The session is encrypted, lives in memory and expires after a configured amount of time from memory.
Communicating vulnerabilities or other security issues
For any security related issue please contact us via our Support page.