Passwords, password keys and file keys remain on users’ devices and are never transferred anywhere or to anyone. User keys, group keys and your company’s keys are stored encrypted on the SDMC server. All encryption operations take place on your device, never on Stormshield servers. Neither Stormshield nor the service host can access the private keys of your solution’s internal users.
The following table lists the cryptographic algorithms used in SDS for C&M.
| Function | Algorithm | Parameters |
|---|---|---|
| Asymmetric key encryption | RSA PKCS 1.5 and RSA OAEP | 2048 & 4096 bits |
| Symmetric key encryption | AES Key Wrap | 256 bits |
| Symmetric data encryption | AES CBC Padding PKCS#7 | 256 bits |
| HMAC | HMAC SHA-256 | 256 bits |
| Password protection of keystore | PBKDF2 | 10,000 rounds and 32-bit salt |
| Password derivation | SHA-256 and Argon2d | Parallelism factor: 2; Memory cost: 8192; Salt: 128 bits |