Security

FortKnoxster uses the strongest encryption algorithms and techniques available, combined with Blockchain and AI technologies. Our FIPS 140-2 compliant end-to-end encryption design ensures that only you have access to your data and no one else — not even FortKnoxster can access any data. FortKnoxster’s cryptography consists of AES-GCM 256-bit military grade encryption, RSA-OAEP/RSA-PSS 8192-bit encryption with SHA-512 and Elliptic Curve ECDH/ECDSA P-521 encryption.

DieFi Dead Man's Switch

FortKnoxster's Dead Man's Switch feature consists of FortKnoxster's strong end-to-end encryption combined with a decentralized KMS approach that uses proxy re-encryption for secret key sharing, with time-based policy encryption through blockchain smart contracts. FortKnoxster is also built using Arweave, a decentralized permanent storage protocol.

FortKnoxster Servers

Privacy Features by Default

Blockchain Integration
FortKnoxster uses blockchain technology and decentralized storage to protect time-based secrets with proxy re-encryption (PRE).
Privacy by Design
Your privacy is our priority. The FortKnoxster platform is designed to honour the privacy of all users. Oh – did we mention that there are absolutely no annoying ads or spam?
Zero-Knowledge
Zero-knowledge architecture means that only you have access to your encrypted communication and data and only you know its content. No one else — not even FortKnoxster.
Confidentiality
FortKnoxster uses advanced military-grade cryptography with strong 256-bit AES-GCM encryption. Only the intended recipients have access to the data.
Integrity
All encrypted data and files are verified for message authenticity to avoid man-in-the-middle tampering attacks and hacks.
Digital Signature
All encrypted data is digitally signed with the sender’s private key, and the sender’s identity is cryptographically verified before the data is decrypted.

End-to-End Encryption by Default

All data and files sent and received in FortKnoxster are end-to-end encrypted by default. When you create a FortKnoxster account, several cryptographic keypairs are generated on your local device to encrypt and decrypt messages and files. The private keys are protected with encryption keys derived from your password which is only known to you and nobody else.

Zero-Knowledge Authentication

FortKnoxster uses a zero-knowledge authentication scheme in which the user’s password never leaves the user’s device, keeping you in control of your private keys and confidential security information. FortKnoxster never transmits or stores passwords in plain text, as these are protected with a hash-based encryption for zero-knowledge authentication.

FIPS 140-2 Level 3 Compliant Encryption

FIPS 140-2 is a mandatory standard for the protection of sensitive or valuable data at Government and military level systems. FortKnoxster uses FIPS 140-2 level 3 compliant encryption for securing customer data and communication at rest and in transit, with hardware security modules (HSM).

Peer-to-Peer Encryption Protocol

FortKnoxster has developed a unique peer-to-peer encryption message protocol between users’ client devices and FortKnoxster’s crypto nodes, to protect against MITM attacks and prevent unauthorized account access, besides the TLS layer. All critical user actions such as fetching contacts and their public keys, account synchronization and user settings (like account recovery, password change and two-factor authentication), are both encrypted and cryptographically signed bidirectionally between the user device and the crypto nodes.

Client-Side Integrity Protection

FortKnoxster clients apply cryptographic authentication using AES-GCM with AEAD, to ensure data integrity and authenticity, and to avoid tampering. The key is only known to the user’s client and those they share the file with, not the server.
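The password-derived key protection described under End-to-End Encryption by Default, together with the AES-GCM authentication described above, shown as an added example that is not FortKnoxster's code. The page does not name its key-derivation function, so PBKDF2-SHA-512 with the iteration count shown, the function names and the sample passwords are assumptions.

```javascript
// Added example, not FortKnoxster code. The KDF (PBKDF2), its parameters and all
// names are assumptions. Uses the Web Cryptography API (browser or Node.js).
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;

// Derive a 256-bit AES-GCM wrapping key from the password on the local device.
async function deriveWrappingKey(password, salt) {
  const material = await wc.subtle.importKey(
    'raw', new TextEncoder().encode(password), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-512', salt, iterations: 210000 },
    material, { name: 'AES-GCM', length: 256 }, false, ['wrapKey', 'unwrapKey']);
}

// Generate a P-521 ECDH keypair locally and wrap the private key for storage.
async function createProtectedKeypair(password) {
  const salt = wc.getRandomValues(new Uint8Array(16));
  const iv = wc.getRandomValues(new Uint8Array(12)); // must be unique per wrap
  const pair = await wc.subtle.generateKey(
    { name: 'ECDH', namedCurve: 'P-521' }, true, ['deriveBits']);
  const kek = await deriveWrappingKey(password, salt);
  const wrapped = new Uint8Array(await wc.subtle.wrapKey(
    'pkcs8', pair.privateKey, kek, { name: 'AES-GCM', iv }));
  return { salt, iv, wrapped, publicKey: pair.publicKey };
}

// Returns a non-extractable private key, or null when the password is wrong or
// the stored blob was modified (the GCM tag check fails in both cases).
async function unlockPrivateKey(password, { salt, iv, wrapped }) {
  const kek = await deriveWrappingKey(password, salt);
  try {
    return await wc.subtle.unwrapKey('pkcs8', wrapped, kek,
      { name: 'AES-GCM', iv }, { name: 'ECDH', namedCurve: 'P-521' },
      false, ['deriveBits']);
  } catch { return null; }
}

// Constructed demo: correct password, wrong password, one flipped ciphertext bit.
async function demo() {
  const blob = await createProtectedKeypair('correct horse battery staple');
  const ok = await unlockPrivateKey('correct horse battery staple', blob);
  const wrongPw = await unlockPrivateKey('guess', blob);
  const tampered = { ...blob, wrapped: Uint8Array.from(blob.wrapped) };
  tampered.wrapped[0] ^= 0x01;
  const bad = await unlockPrivateKey('correct horse battery staple', tampered);
  return { unlocked: ok !== null, extractable: ok ? ok.extractable : null,
           wrongPassword: wrongPw, tampered: bad };
}
```

A server that stores only `salt`, `iv` and `wrapped` cannot recover the private key without the password, and any change to the stored blob is rejected at unwrap time instead of yielding a corrupted key.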

Transport Layer Security

All communication between the client devices (desktop browsers, Android app, iOS app) and the servers is layered with an extra, separate, strict encryption channel that uses HSMs to protect private keys. Only TLS 1.2 and TLS 1.3 are supported, configured with the strongest cipher suites available, such as ECDH with elliptic curve 25519 and RSA 3072-bit, including a 4096-bit Diffie-Hellman parameter for DHE cipher suites. The strong TLS configurations enable HTTP Strict Transport Security (HSTS), OCSP Stapling and Forward Secrecy, and protect against all known attacks such as BEAST, Heartbleed, POODLE and many more.

Open Source

Our source code is open-sourced on GitHub, which allows security researchers to fully evaluate our end-to-end encryption implementation in our desktop web app and native mobile apps for iPhone/iPad and Android devices.

 

FortKnoxster Crypto Web
Cross-browser cryptographic library implementing the Web Cryptography API for FortKnoxster’s end-to-end encryption and peer-to-peer message encryption protocol.

Security Auditing

All FKX token-related smart contracts have been security audited prior to deployment on the Ethereum and Binance Smart Chain blockchains.

Bug Bounty Program

As security and privacy are our bread and butter, we at FortKnoxster look forward to working with the security community to find security vulnerabilities in order to keep our users and business safe. If you are a security researcher, white hat hacker or developer and want to report a vulnerability, please visit FortKnoxster’s Bug Bounty Programme.