What is the general encryption method used in MySudo?

*Android coming soon - currently in alpha testing*

Encryption is used extensively to ensure the confidentiality of MySudo user data.  The general encryption approach is to ensure that data is encrypted so that it can only be decrypted by you:

Key Generation
1. When the app is installed and launched for the first time, MySudo generates public/private key pairs on the user’s device. 
2. The private keys are stored in the mobile device’s specific secure key storage, e.g. iOS keychain and Android Keystore. Users of MySudo on iOS may optionally backup their encryption keys to their Apple iCloud account, or to a laptop using Apple iTunes as part of an encrypted backup. Users of MySudo on Android may optionally backup their encryption keys to their Google Drive account, protected by a password of their choosing. The private keys are never stored in the Sudo Platform.
3. The public keys are uploaded to the Sudo Platform.

Data Encryption
1. SudoOut content, e.g. an SMS or email, is received by the Sudo Platform and encrypted before being stored in the Sudo Platform and delivered to your device.
2. An AES-256 data encryption key (DEK) is generated in the Sudo Platform.
3. The DEK is then encrypted with your public key, so that it can only be decrypted by the receiving MySudo user.

Data Decryption
1. On your device, you receive the encrypted DEK and decrypts the DEK using your private key.
2. The encrypted message content is then decrypted using the DEK.
3. The decrypted message content is then visible to you.

MySudo settings
1. MySudo app settings (Sudo profile information and contacts) are encrypted on your device using AES-256 symmetric key encryption.
2. The encrypted settings are stored in the Sudo Platform. This allows for synchronization across a user’s multiple devices.
3. The encryption key is never stored in the Sudo Platform.