Send Encryption Process
All Sends are automatically end-to-end encrypted, which means that WALLIX Enterprise Vault encrypts the data in the Send Link and the client-browser uses the encryption key to decrypt the data once received.
Send Encryption
Here is how it works:
- When a Send is created a 128-bit secret key is generated for that Send.
- A 512-bit encryption key is derived from the 128-bit secret key.
- The Send is AES-256 encrypted using the derived 512-bit encryption. Data (plain text or file) and the Metadata (Name, Filenme, Notes, etc.) are included in the encryption.
- The Encrypted Send is uploaded to WALLIX Servers. The
UniqueSend ID (used to identify the Send fordecryptiondecryption) is included in upload. The Encryption Key is not included in the upload.
If the Send is Password-Protected, the Password is not included in Send Encryption or Decryption.Decryption. However, a Send is decrypted only after the Password is entered successfully.
Send Decryption
Here is how it works:
- When a Send Link is accessed, the Web Browser requests the Send Access Page from WALLIX Servers.
- The Send Access Page is returned from WALLIX Servers as a Web Vault Client.
- The URL Fragment (containing Send ID and Encryption Key) is parsed locally by the Web Vault Client.
- Using the parsed Send ID, the Data is requested from WALLIX Servers by the Web Vault Client.
- The Encryption Key is never included in Network Requests.
- The Encrypted Send is returned from WALLIX Servers to the Web Vault Client.
- Using the Encryption Key, the Encrypted Send is Decrypted locally by the Web Vault Client.