Cryptography overview
Security is built into every stage of development — from the first idea to the final release. This section describes the cryptographic model, algorithms, and data protection mechanisms that make Passwork trusted by thousands of businesses worldwide.
Who this section is for
- Information security specialists — for audits and compliance assessments
- Technical decision-makers — for evaluating the product before deployment
- Administrators — for understanding how the system works and how to configure it
How we build secure software
| Practice | Description |
|---|---|
| Security champions | OWASP training and threat modeling in every development team |
| DevSecOps approach | Static & dynamic analysis, SCA, IaC scanners integrated into every build |
| Multi-stage review | No direct pushes to main branch, mandatory security code review |
| External audits | Annual penetration testing and security audits by independent experts |
Standards and validation
- ISO 27001 certified — all development and infrastructure practices meet the highest security standards
- Tested by HackerOne — independent security assessments by ethical hackers
- GDPR compliant — full compliance with European data protection regulations
Zero-Knowledge architecture
Passwork is built on the Zero-Knowledge principle: the server does not have enough information to decrypt user data. Neither server administrators nor technical staff can access your passwords — even if they wanted to.
- The master password never leaves the user's device
- All cryptographic keys are generated on the client
- The server stores only encrypted data and encrypted keys
- Decryption is only possible on the client side
This architecture ensures your passwords never leave your infrastructure, making Passwork trusted by government agencies and highly regulated organizations across Europe.
Two-level protection
Passwork applies two levels of encryption:
| Level | Where it runs | Key | When active |
|---|---|---|---|
| Client-side encryption | Browser / app | User keys | When CSE is enabled |
| Server-side encryption | Server | Server key | Always |
Even with client-side encryption disabled, data is still protected by server-side encryption with AES-256.
Algorithms used
| Purpose | Algorithm | Parameters |
|---|---|---|
| Key derivation from password | PBKDF2 | SHA-256, 300K iterations |
| Symmetric encryption (server) | AES-256-CFB | OpenSSL |
| Symmetric encryption (client) | AES-256-CBC | + Base32 encoding |
| Asymmetric encryption | RSA-OAEP | 2048 bit, SHA-256 |
| Hashing | SHA-256, SHA-512 | — |
Section structure
Fundamentals
- Glossary — definitions: master password, master key, vault, record, keys
- Data model — object hierarchy and relationship with cryptographic keys
Encryption
- Encryption scope — which fields are encrypted on the client, which on the server
- Key hierarchy — key chain from master password to attachment keys
- Cryptographic algorithms — specifications for PBKDF2, AES, RSA
Processes
- Authentication — master password verification and access workflow
- Local storage — saving master key in the browser
- Record sharing — internal sharing and external links
Infrastructure
- Server-side encryption — AES-256-CFB, key management, rotation
- Session tokens — Access Token, Refresh Token, CSRF protection
Encryption chain overview
Client side:
- Master password (entered by user) → PBKDF2 (300K iterations) →
- Master key (512 bits) → AES-256-CBC →
- Private RSA key (2048 bits) → RSA-OAEP (WebCrypto) →
- Vault key (256 bits) → AES-256-CBC →
- Record key (256 bits) → AES-256-CBC →
- Record data (passwords, secrets, files — encrypted)
Server side:
- Server key (256 bits, OpenSSL) → AES-256-CFB →
- Database (double encryption)
What is encrypted on the client
Not all data is encrypted on the client — some fields are protected only by server-side encryption to enable search and sorting functionality.
Detailed information about encryption of each field is in the Encryption scope section.
Key parameters
| Parameter | Value |
|---|---|
| RSA key | 2048 bits |
| AES key | 256 bits |
| PBKDF2 iterations (client) | 300,000 |
| PBKDF2 iterations (server) | 600,000 |
| Access Token entropy | 256 bits |
| Link token entropy | 256 bits |
| Vault key entropy | ~596 bits |
Industry standards compliance
| Parameter | Passwork | NIST recommendations (2024) | Status |
|---|---|---|---|
| Symmetric encryption | AES-256 | AES-128/192/256 | ✓ |
| Asymmetric encryption | RSA-2048 | RSA-2048+ | ✓ |
| Hashing | SHA-256/512 | SHA-2 family | ✓ |
| PBKDF2 iterations | 300K/600K | ≥310K (SHA-256) | ✓ |
| Random number generator | CSPRNG | CSPRNG | ✓ |