The Digital Safe certified CSPN by ANSSI.

Beyond the robustness of the encryption mechanisms used, the LockSelf safe is the result of in-depth reflection on the integrity of the data entrusted to us.

A 100% French suite of solutions


For those who can tolerate no leaks.

Logo Altran
Logo EY
Logo RTE
Logo Primobox
Logo France TV
Logo BNP Paribas
Logo Bouygues Telecom

Security Functions

The product implements various security functions to ensure the confidentiality of the content of the LockSelf safe.

Storage, communication, and authentication

The login password

The password set by the user upon creating their account, which is used to log in to the LockSelf platform, is stored in the database after being hashed.

The PIN code of each user

The PIN code defined by the user upon account creation is not stored in the database; it is only used in generating the RSA keys to encrypt the user's private key before its storage in the database.

The passwords stored in LockPass

LockPass is a tool integrated into LockSelf for storing and securing a pair of login/password credentials.

The passwords are encrypted asymmetrically using each user's RSA key pair.

The files stored in LockFiles/LockTransfer

Files managed via LockTransfer are encrypted symmetrically in AES256 CBC with a passphrase and the password chosen by the sender.

The files stored in LockFiles are encrypted symmetrically in AES256 CBC with a passphrase.

Communications between the clients and their safe

All network exchanges between the LockSelf server and the connected clients are made through the HTTPS protocol using at least TLS 1.2.

The use of HSTS enforces the use of HTTPS and blocks any communication done in HTTP or with a self-signed certificate.

Client authentication on the safe

Each LockSelf user must authenticate via two-factor authentication to access the data intended for them.

The second step of this authentication involves decrypting the user's RSA private key to validate their authentication.

Cryptographic Functioning

Each of the security functions introduced above can be specified in their operation.

From key management to authentication

Key Management

Each user benefits from a unique 2048-bit RSA key pair generated upon account creation, by a call to the precompiled OpenSSL package.

The private key of this generated pair is encrypted before database storage in AES 256 CBC using salts and includes, among other things, the PIN code chosen by the client corresponding to the second step of authentication to LockSelf.

Data Storage

Each file stored on LockSelf is encrypted in AES256 CBC via a call to the precompiled OpenSSL binary.

The password defined by the user is included in the passphrase and is hashed in blowfish before being stored in the database to be verified during the user's authentication.

The passwords stored by the user in the LockPass tool are encrypted using each user's RSA public key.

They are decrypted by first decrypting the user's private key, then decrypting the password itself using the user's private key.

Communication between the client and the server

The LockSelf server uses at least TLS 1.2 for HTTPS.

Any HTTP connection is forced to HTTPS.

The TLS server relies on an Apache2 web server (version from the Ubuntu repositories) and only accepts connections on port 443.

Authentication to the safe

Access to LockSelf is done by two-factor authentication. A login/password is first required, and if correct, the 6-digit PIN code is requested.

Access to encrypted data is conditioned by knowing the PIN to decrypt the user's RSA private key.

I would like

LockSelf Know More Background V1

to learn more

LockSelf Know More Background V2

about LockSelf

Contact us or test the solution for free!