Encryption algorithms

Passwords, password and file keys remain on users’ devices and are never transferred anywhere or to anyone. User keys, group keys and your company’s keys are stored encrypted on the SDMC server. All encryption operations take place on your device, never on Stormshield servers. Neither Stormshield nor the service host can access the private keys of your solution’s internal users.

The following table lists the cryptographic algorithms used in SDS for C&M.

| Process | Algorithm | Details |
| --- | --- | --- |
| Asymmetric key encryption | RSA PKCS 1.5 and RSA OAEP | 2048 & 4096 bits |
| Symmetric key encryption | AES Key Wrap | 256 bits |
| Symmetric data encryption | AES CBC Padding PKCS#7 | 256 bits |
| HMAC | HMAC SHA-256 | 256 bits |
| Password protection of keystore | PBKDF2 | 10,000 rounds and 32-bit salt |
| Password derivation | SHA-256 and Argon2d | Parallelism factor: 2; Memory cost: 8192; Iterations: 33; Salt: 128 bits |