Zero Knowledge Encryption
Share KeePass Passwords with your Team of multiple users
Enable device level encryption with Pleasant Password Server. Protect your passwords from prying eyes.
Password Server provides End-To-End Encryption (E2EE)! In version 8, each user has the ability to add Zero Knowledge Encryption to their password entries.
The software client securely communicates with the server without server knowledge of your passwords, and the information is securely shared with other users or devices.
Thus the concepts of Zero Knowledge Passwords, Zero Knowledge Architecture, Zero Knowledge Server, Zero Knowledge Database are born.
Applies to:
- Version 8 (SSO edition) - Password Server & Web app
Pleasant Password Server Version 8
Adds the ability to encrypt passwords at the device level using encryption keys, which are then kept private from the Server and Database.
Each user has their own secret encrypted access based on their own Secret Key or Encryption Password.
Conveniently, the user's Secret Keys can be securely stored on the user's devices, with an easy transfer to subsequent devices.
Encryption Security Methods:
- Secret Keys
- User Encryption Password
Sharing Secrets:
- A secure copy of the encrypted data is securely provided for each user granted access
Client Safeguards:
- Incompatible requests are securely blocked from accessing the E2EE encrypted values: other client apps, client types, older client versions, and other API requests
Feature Support:
- Passwordless (with SAML SSO)
- Share Secrets - with other users
- Corporate Key Architecture
- Password Resets
  - Admin - with Corporate Keys
  - User - Self-Serve Reset
- Active Directory / LDAP Integration
- New Device Easy-Transfer - of Secret Keys
Zero Knowledge Encryption
Password Server has implemented End-To-End Encryption from client to server to any other shared devices and clients.
It is implemented with the following:
- AES256-GCM
- RSA 2048-bit Asymmetric Encryption
- Salt, PBKDF2-HMAC SHA256 with 100,000 iterations
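One way the primitives listed above can be combined so that a server only ever stores ciphertext and wrapped keys, shown as an added example (it is not Pleasant Password Server's own code or documented design). The envelope layout, the function names `enrollUser`, `shareEntry` and `openEntry`, the OAEP padding, the 16-byte salt and 12-byte nonce are assumptions; only the algorithms and the iteration count come from the list.

```javascript
// Added example: assumed envelope-encryption layout, not Pleasant Password Server's code.
const crypto = require('node:crypto');

const PBKDF2_ITERATIONS = 100000; // iteration count stated on the page

// AES-256-GCM with a fresh 96-bit nonce; the auth tag is stored with the ciphertext.
function aesGcmEncrypt(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

function aesGcmDecrypt(key, { iv, ct, tag }) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]); // throws if tampered
}

// Client side: create a user's RSA-2048 key pair and protect the private key with a
// key derived from the Encryption Password (PBKDF2-HMAC-SHA256, random salt).
function enrollUser(encryptionPassword) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const salt = crypto.randomBytes(16);
  const kek = crypto.pbkdf2Sync(encryptionPassword, salt, PBKDF2_ITERATIONS, 32, 'sha256');
  const der = privateKey.export({ type: 'pkcs8', format: 'der' });
  return { publicKey, salt, wrappedPrivateKey: aesGcmEncrypt(kek, der) };
}

// Client side: encrypt one entry under a random data key, then wrap that key once per
// user granted access. Only the returned object would be sent to the server.
function shareEntry(secret, recipients) {
  const dataKey = crypto.randomBytes(32);
  const wrappedKeys = {};
  for (const [name, user] of Object.entries(recipients)) {
    wrappedKeys[name] = crypto.publicEncrypt({ key: user.publicKey, oaepHash: 'sha256' }, dataKey);
  }
  return { entry: aesGcmEncrypt(dataKey, Buffer.from(secret, 'utf8')), wrappedKeys };
}

// Client side: re-derive the key from the password, unwrap the private key, open the entry.
function openEntry(stored, name, user, encryptionPassword) {
  const kek = crypto.pbkdf2Sync(encryptionPassword, user.salt, PBKDF2_ITERATIONS, 32, 'sha256');
  const der = aesGcmDecrypt(kek, user.wrappedPrivateKey);
  const privateKey = crypto.createPrivateKey({ key: der, format: 'der', type: 'pkcs8' });
  const dataKey = crypto.privateDecrypt({ key: privateKey, oaepHash: 'sha256' }, stored.wrappedKeys[name]);
  return aesGcmDecrypt(dataKey, stored.entry).toString('utf8');
}
```

In this layout a wrong Encryption Password or a modified ciphertext fails the GCM tag check, so `openEntry` throws instead of returning altered data.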
Zero Knowledge Security
Has the following benefits:
- Protects secrets from Hosting / Cloud Partners
- Protects secrets from Internal threat actors
- Provides another layer of encryption
  - on the database & server
  - in transit from the device
Go Passwordless!
Passwordless Encryption Method
At this time, this layer of encryption is enabled via General Systems, allowing the administrative user to decide which workflows they wish to enable:
- User Secret Keys - which can be stored on any of the user's device(s)
In this method, 1 user will have 1 Secret Key across devices.
Alternatively, you may choose to base encryption on:
- Encryption Passwords, or
- Secret Keys & Encryption Passwords (both methods)
Device Level Encryption
Each web application client will encrypt/decrypt using the user's encryption keys, which are based on the method (above) chosen by the administrator.
Zero Knowledge Passwords
Secret fields which are encrypted with this method are visibly indicated with a secure shield and include:
- Passwords, TOTP Secrets
Expect additional fields in the future.