Your data is end-to-end encrypted with ente, meaning it is encrypted with your keys before it leaves your device.
These keys are available only to you, meaning only you can access your data elsewhere.
What follows is an explanation of how we do what we do.
When you sign up for ente, your app generates a masterKey for you. This never leaves your device unencrypted.
Once you choose a password, a keyEncryptionKey is derived from it. This never leaves your device.
Primary Device
During registration, your masterKey is encrypted with your keyEncryptionKey, and the resultant encryptedMasterKey is then sent to our servers for storage.
Secondary Device
When you sign in on a secondary device, after you successfully verify your email, our servers give you back your encryptedMasterKey that was sent to us by your primary device.
You are then prompted to enter your password. Once entered, a keyEncryptionKey is derived, and the client decrypts the encryptedMasterKey with this, to yield the original masterKey.
If the decryption fails, the client will know that the derived keyEncryptionKey was wrong, indicating an incorrect password, and will surface this information to you.
Since only you know your password, only you can derive your keyEncryptionKey.
Since only you can derive your keyEncryptionKey, only you have access to your masterKey.
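The primary and secondary device flows above, as an added example that is not ente's own code. It assumes scrypt for deriving the keyEncryptionKey and AES-256-GCM for wrapping the masterKey, neither of which this page specifies; the function names and the salt, nonce and tag fields are hypothetical.

```javascript
// Added illustration, not ente's code. scrypt and AES-256-GCM are assumed
// primitives; salt, nonce and tag are hypothetical fields of the stored record.
const nodeCrypto = require('node:crypto');

// password -> keyEncryptionKey. Derived on the device, never uploaded.
function deriveKeyEncryptionKey(password, salt) {
  return nodeCrypto.scryptSync(password, salt, 32, {
    N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024,
  });
}

// Primary device: generate masterKey, wrap it, upload only the wrapped form.
function registerPrimaryDevice(password) {
  const masterKey = nodeCrypto.randomBytes(32);
  const salt = nodeCrypto.randomBytes(16);
  const nonce = nodeCrypto.randomBytes(12);
  const kek = deriveKeyEncryptionKey(password, salt);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', kek, nonce);
  const encryptedMasterKey = Buffer.concat([cipher.update(masterKey), cipher.final()]);
  const serverRecord = { encryptedMasterKey, salt, nonce, tag: cipher.getAuthTag() };
  return { masterKey, serverRecord }; // masterKey stays local
}

// Secondary device: re-derive the key from the password and unwrap.
// Returns null when authentication fails, i.e. the password was wrong
// (or the record was altered).
function unlockOnSecondaryDevice(serverRecord, password) {
  const kek = deriveKeyEncryptionKey(password, serverRecord.salt);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', kek, serverRecord.nonce);
  decipher.setAuthTag(serverRecord.tag);
  try {
    return Buffer.concat([
      decipher.update(serverRecord.encryptedMasterKey), decipher.final(),
    ]);
  } catch (err) {
    return null;
  }
}

// Constructed sample run.
const { masterKey, serverRecord } = registerPrimaryDevice('constructed-sample-password');
const ok = unlockOnSecondaryDevice(serverRecord, 'constructed-sample-password');
const bad = unlockOnSecondaryDevice(serverRecord, 'wrong-password');
console.log('unwrapped matches masterKey:', ok !== null && ok.equals(masterKey));
console.log('wrong password rejected:', bad === null);
```

The wrong-password case is detected because the cipher is authenticated: a key derived from a different password fails the tag check instead of silently yielding a garbage masterKey.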