All articles
Encryption Jul 15, 2026 · 6 min read

Zero-knowledge backup, explained: why your keys should never leave your device

End-to-end encryption is only as good as its key management. Here is how Secureefy Backup derives keys on-device with AES-256-GCM and PBKDF2 so that no one — not even us — can read your data.

ST

Secureefy Team

Security Engineering

Most "encrypted" cloud storage still holds the keys that unlock your data. That is convenient — until the provider is breached, subpoenaed, or simply curious. Zero-knowledge backup flips the model: encryption happens on your device, and the keys never leave it.

How Secureefy Backup does it

Every file is encrypted before it leaves your machine using AES-256-GCM, an authenticated cipher that both encrypts and detects tampering. The key is derived from your passphrase using PBKDF2-SHA256 with 100,000 iterations and a 32-byte random salt.

  • Algorithm: AES-256-GCM (authenticated encryption)
  • Key derivation: PBKDF2-SHA256, 100,000 iterations
  • Nonce: 12-byte random per file
  • Auth tag: 128-bit — tampering is mathematically detectable

Keys live in the macOS Keychain / Secure Enclave and Windows Hello secure storage. We store only ciphertext we cannot read.

Why authenticated encryption matters

Older tools used AES-256-CBC with no integrity check, so a corrupted or maliciously altered file could decrypt to garbage silently. GCM's authentication tag means a wrong password and a tampered file are indistinguishable — and both fail safely.

Your keys, not ours. That is the whole point.

If you take one thing away: if a backup vendor can reset your encryption for you, they can read your data. Secureefy can't, by design.

Ready to secure your business?

Create your account and start with Secureefy Scan, Secureefy Backup, or both — one account, one bill.