The Digital Safe certified CSPN by ANSSI.
Beyond the robustness of the encryption mechanisms used, the LockSelf safe is the result of in-depth reflection on the integrity of the data entrusted to us.
A 100% French suite of solutions
For those who can tolerate no leaks.
Security Functions
Storage, communication, and authentication
The password set by the user upon creating their account, which is used to log in to the LockSelf platform, is stored in the database after being hashed.
The PIN code defined by the user upon account creation is not stored in the database; it is used only when the RSA keys are generated, to encrypt the user's private key before it is stored in the database.
LockPass is a tool integrated into LockSelf for storing and securing a pair of login/password credentials.
The passwords are encrypted asymmetrically using each user's RSA key pair.
Files managed via LockTransfer are encrypted symmetrically in AES-256-CBC with a passphrase and the password chosen by the sender.
The files stored in LockFiles are encrypted symmetrically in AES-256-CBC with a passphrase.
All network exchanges between the LockSelf server and the connected clients are made through the HTTPS protocol using at least TLS 1.2.
HSTS enforces the use of HTTPS and blocks any communication over HTTP or with a self-signed certificate.
Each LockSelf user must authenticate via two-factor authentication to access the data intended for them.
The second step of this authentication involves decrypting the user's RSA private key to validate their authentication.
Cryptographic Functioning
From key management to authentication
Each user has a unique 2048-bit RSA key pair, generated upon account creation by a call to the precompiled OpenSSL package.
The private key of this pair is encrypted in AES-256-CBC, using salts, before it is stored in the database; the encryption uses, among other things, the PIN code chosen by the client, which corresponds to the second step of authentication to LockSelf.
Each file stored on LockSelf is encrypted in AES-256-CBC via a call to the precompiled OpenSSL binary.
The password defined by the user is included in the passphrase and is hashed with Blowfish before being stored in the database, so that it can be verified during the user's authentication.
The passwords stored by the user in the LockPass tool are encrypted using each user's RSA public key.
They are decrypted by first decrypting the user's private key, then decrypting the password itself using the user's private key.
The LockSelf server uses at least TLS 1.2 for HTTPS.
Any HTTP connection is forced to HTTPS.
The TLS server relies on an Apache2 web server (version from the Ubuntu repositories) and only accepts connections on port 443.
Access to LockSelf requires two-factor authentication. A login/password is requested first and, if it is correct, the 6-digit PIN code is then requested.
Access to encrypted data is conditioned by knowing the PIN to decrypt the user's RSA private key.
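The chain described above (PIN, then RSA private key, then stored password) can be reproduced with the OpenSSL command line. This is an added example, not LockSelf's code: the passphrase layout, the OAEP padding, the file names and every sample value are assumptions constructed for the illustration.

```shell
#!/bin/sh
# Added illustration, not LockSelf code. Assumptions: passphrase layout, OAEP
# padding, file names. All values below are constructed samples.
WORK=$(mktemp -d)

# Hypothetical passphrase layout "<other material>:<PIN>" (the page only says
# the PIN is included "among other things").
passphrase() { printf '%s:%s' "$1" "$2"; }

# Account creation: 2048-bit RSA pair. The private key is written to disk only
# as encrypted PKCS#8 (AES-256-CBC, salted). Passphrase goes via env, not argv.
create_account() {  # $1 = other material, $2 = PIN
  KEYPASS=$(passphrase "$1" "$2") openssl genpkey -algorithm RSA \
      -pkeyopt rsa_keygen_bits:2048 -aes-256-cbc -pass env:KEYPASS \
      -out "$WORK/priv.enc.pem" 2>/dev/null &&
  KEYPASS=$(passphrase "$1" "$2") openssl pkey -in "$WORK/priv.enc.pem" \
      -passin env:KEYPASS -pubout -out "$WORK/pub.pem"
}

# Storing an entry needs only the public key, so no PIN is involved.
store_entry() {  # $1 = plaintext, $2 = ciphertext file
  printf '%s' "$1" | openssl pkeyutl -encrypt -pubin -inkey "$WORK/pub.pem" \
      -pkeyopt rsa_padding_mode:oaep -out "$2"
}

# Reading an entry: OpenSSL must first decrypt the private key with the
# PIN-bearing passphrase, and only then can it RSA-decrypt the entry.
read_entry() {  # $1 = other material, $2 = PIN, $3 = ciphertext file
  KEYPASS=$(passphrase "$1" "$2") openssl pkeyutl -decrypt \
      -inkey "$WORK/priv.enc.pem" -passin env:KEYPASS \
      -pkeyopt rsa_padding_mode:oaep -in "$3" 2>/dev/null
}

# Constructed walk-through.
create_account "server-material" "493817"
store_entry "s3cret-demo" "$WORK/entry.bin"
read_entry "server-material" "493817" "$WORK/entry.bin" && echo
read_entry "server-material" "000000" "$WORK/entry.bin" ||
  echo "wrong PIN: private key stays sealed, entry unreadable"
```
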