We use encryption extensively to keep MySudo user data confidential. The general encryption approach is to ensure that data is encrypted so that only you can decrypt it:
Key generation
-
When you install and launch the app for the first time, MySudo generates public/private key pairs on your device.
-
The private keys are stored in the mobile device’s specific secure key storage (e.g. iOS keychain or Android Keystore). If you use MySudo on iOS, you may optionally back up your encryption keys to your Apple iCloud account, or to a laptop using Apple iTunes as part of an encrypted backup. If you use MySudo on Android, you may optionally back up your encryption keys to your Google Drive account, protected by a password of your choice. The private keys are never stored in Sudo Platform.
-
The public keys are uploaded to Sudo Platform.
Data encryption
-
Sudo-to-nonSudo content (e.g. an SMS or email), is received by Sudo Platform and encrypted before being stored in Sudo Platform and delivered to your device.
-
An AES-256 data encryption key (DEK) is generated in Sudo Platform.
-
The DEK is then encrypted with your public key, so that it can only be decrypted by the receiving MySudo user.
Data decryption
-
On your device, you receive the encrypted DEK and decrypt the DEK using your private key.
-
The encrypted message content is then decrypted using the DEK.
-
You can then see the decrypted message content.
MySudo settings
-
MySudo app settings (Sudo profile information and contacts) are encrypted on your device using AES-256 symmetric key encryption.
-
The encrypted settings are stored in Sudo Platform. This allows for synchronization across your multiple devices.
-
The encryption key is never stored in Sudo Platform.
Comments
0 comments
Article is closed for comments.