Security
Encryption & key management
The cryptography behind zero-knowledge backup.
- Cipher: AES-256-GCM (authenticated encryption)
- Key derivation: PBKDF2-SHA256, 100,000 iterations, 32-byte salt
- Nonce: 12 bytes, random per file
- Auth tag: 128-bit, detects tampering
- Key storage: macOS Keychain / Secure Enclave, Windows Hello
Because keys are derived on-device and never transmitted, Secureefy operates on a zero-knowledge basis: we store ciphertext we cannot read.