Info
Pleasant Password Server
A. Install
Activating Software
Next Steps
Updating Software
Zero Knowledge Encryption
IIS Hosting
Cloud Hosting
Hardware and Software Requirements
Azure Integration
Redirect HTTP Requests to HTTPS
New Blank Install
Setup Switches
Digital Signatures and Checksum Hashes
Sitemap
Info  >  Pleasant Password Server  >  A. Install  >  Zero Knowledge Encryption Page last modified Apr 06 2023, 14:35

Zero Knowledge Encryption

Share KeePass Passwords with your Team of multiple users

Enable device level encryption with Pleasant Password Server. Protect your passwords from prying eyes.

Password Server provides End-To-End Encryption (E2EE)! In version 8, each user has the ability to add Zero Knowledge Encryption to their password entries.

The software client securely communicates with the server without server knowledge of your passwords, and the information are securely shared with other users or devices. 

Thus the concepts of Zero Knowledge Passwords, Zero Knowledge ArchitectureZero Knowledge Server, Zero Knowledge Database are born.

Applies to: 

  • Version 8 (SSO edition) - Password Server & Web app

 

Have Questions?  Contact Us!

 

Pleasant Password Server Version 8

Adds the ability to encrypt passwords at the device level using encryption keys, which are then kept private from the Server and Database.

Each user has their own secret encrypted access based on their own Secret Key or Encryption Password.

Conveniently the user's Secret Keys can be securely stored on the user's devices, with an easy-transfer to subsequent devices.

 

Encryption Security Methods:

  • Secret Keys
  • User Encryption Password

 

Sharing Secrets:

  • A secure copy of the encrypted data, is securely provided, for each user granted access

Client Safeguards:

  • Incompatible requests are securely blocked from accessing the E2EE encrypted values: other client apps, client types, older client versions, and other API requests 

Feature Support:

  • Passwordless (with SAML SSO)
  • Share Secrets - with other users
  • Corporate Key Architecture
  • Password Resets
    • Admin - with Corporate Keys
    • User - Self-Serve Reset
  • Active Directory / LDAP Integration
  • New Device Easy-Transfer - of Secret Keys

Zero Knowledge Encryption

Password Server has implemented End-To-End Encryption is from client to server to any other shared devices and clients.

is implemented with the following:

  • AES256-GCM
  • RSA 2048-bit Asymmetric Encryption
  • Salt, PBKDF2-HMAC SHA256 with 100,000 iterations

Zero Knowledge Security

Has the following benefits:

  • Protects secrets from Hosting / Cloud Partners
  • Protects secrets from Internal threat actors
  • Provides another layer of encryption
    • on the database & server
    • in transit from the device

Go Passwordless!

Passwordless Encryption Method

At this time this layer of encryption is enabled via General Systems, allowing the administrative user to decide which workflows they wish to enable

  • User Secret Keys - which can be stored on any the user's device(s)

In this method, 1 user will have 1 Secret Key across devices.

 

Alternatively, you may choose to base encryption on: 

  • Encryption Passwords, or
  • Secret Keys & Encryption Passwords (both methods)

Device Level Encryption

Each web application client will encrypt/decrypt using the user's encryption keys, which are based on the method (above) chosen by the administrator.

Zero Knowledge Passwords

Secret fields which are encrypted with this method are visibly indicated with a secure shield and include:

  • Passwords, TOTP Secrets

Expect additional fields in the future....