WHO - WHAT - WHEN - HOW
The Safe Deposit Vault Service, App, and Reports use the SHA-512 Hash
to provide a unique identifier for any digital content. You can verify you have an exact copy of the digital content that was placed in a Vault by comparing the SHA-512 Hash of your file (Digital Content) with that of the Digital Content stored in the Vault.
The smallest change to any Digital Content, such as changing the color of a single pixel in an image, or adding a period or space in a text file will generate a completely different Hash code.
To see this effect for yourself go to an Online SHA512 Hash Generator
The Safe Deposit Vault Service, App, and Reports use a Digital Thumbprint to uniquely identify a person. A user's digital thumbprint is bound to the user when the user creates a Public Key Infrastructure
Signing Certificate with the Safe Deposit Vault Service. The Thumbprint is a SHA-512 Hash of the Signing Certificate. The Owner of the Certificate/Thumbprint is authenticated to the Safe Deposit Vault Service via their email address as well as their PayPal financial transactions used to pay for the Safe Deposit Vault Service. In addition a Web of Trust
is formed between the owner of a Vault and the recipients (who must also have Digital Thumbprints recorded with the Service) via the invitation to add a recipient to a Vault.
The owner and beneficiaries of files stored in Vaults by the Service are identified by their Digital Thumbprint. A person may have multiple Digital Thumbprints ... but each Thumbprint is unique and uniquely identifies its owner.
Files stored using the Safe Deposit Vault Service are Digitally Signed and Verified
when they are stored/retrieved respectively via the Service. They are signed with the Owners Private Key (only the Owner has access to this) and can be validated by anyone accessing the Service using the Owners Public Key (which is stored with the file as well as available via the Service).
The digital signature is used to validate that the associated Digital Content is an exact copy that the user stored in the Vault.
Files stored using the Safe Deposit Vault Service are Cryptographically Timestamped
and Signed by the Safe Deposit Vault Service and then Verified
when they are retrieved. The Timestamp is generated by the Service using the Service's Private Key (only the Service has access to this) and can be validated by anyone accessing the Service using the Service's Public Key which is available to all users of the Service. The Cryptographic Timestamp is used to unequivocally define when the user signed and saved a file in a Vault with the Safe Deposit Vault service.
Public and Private Keys
One of the first steps a user of the Service does is to create a Signing Certificate. Here the user provides information that is generally used to identify them. It should contain the users Legal Name, their Email Address, and can also contain the users Legal Address. The Signing Certificate also contains your Public PKI key
. The Digital Thumbprint is created as a SHA-512 Hash of this Signing Certificate. The Private Key
is generated on the hardware where the App is installed during this step and is stored in an encrypted manner on that device. The Service never has access to your Private Key.
The Safe Deposit Vault Service and APP use RSA/ECB/PKCS1Padding with a 2048 bit key.
You should have a separate password for the App (option in the App's settings) to secure your Private Key on your device.
The private key is used to Sign digital content that can be verified by others using your public key.
The private key is used to decrypt files that have been encrypted for your eyes only by using your public key. The bulk encryption of the Digital Content is done using AES/CBC/PKCS7 with a 256 bit key and 128 bit block size.