Encryption and security architecture

Data encryption in VIPole is always performed on the client side, and encryption keys are available to the user only. Data is transmitted encrypted to the web and to the server, and only the user can decrypt it. Therefore, no third party, including the service provider, can intercept or disclose the user data.
VIPole uses strong cryptographic algorithms for data protection:
  • AES-256 for symmetric encryption;
  • RSA with 3072 bit key for asymmetric encryption.
All messages are sent and stored on the server in secured VIPole containers. VIPole encrypted container includes symmetric and asymmetric encryption blocks and is based on the principle similar to S/MIME e-mail protection algorithm.
  • Protected data is encrypted with the symmetric algorithm using a one-time key of the container symmetric encryption;
  • VIPole ID of the sender , a one-time symmetric encryption key is encrypted with the asymmetric algorithm using the public key of the sender
  • VIPole ID of the receiver , a one-time symmetric encryption key is encrypted with the asymmetric algorithm using the public key of the receiver.
The original message is encrypted symmetrically (AES-256) using a one-time encryption key. The one-time encryption key is then encrypted asymmetrically (RSA) using the sender’s and the receivers’ public keys. Therefore, only the sender and the receivers can decrypt the one-time key with their private keys and then decrypt the message.

Encryption key management

Data protection level is defined not only by the encryption algorithm being used, but also by the system of creating, storing and transmitting encryption keys.
The core feature of VIPole security system is that only the users have access to the keys for decrypting their data. This is why no one else, including VIPole employees, is able to read the user data that is transferred and stored in the system.

Data transmission

VIPole protects all transmitted data from interceptions and eavesdropping. Along with transferring data in secured containers, VIPole additionally protects data transmission channels.
VIPole uses two types of channels:
  • Client-server connections – basic connection to VIPole server, enabling all client-server interactions;
  • Direct user-to-user channels for voice and video transmission.

Data storage

VIPole stores all user data encrypted both on devices and on the server. Chat history, files and account information are stored in local encrypted databases on users’ devices.
Database encryption master key is generated at the database creation and is stored only on the device. The key is stored encrypted; the secret phrase and the private key of the user are used to decrypt it.

Encrypted database on the device

Each page of the user profile database is encrypted with the AES-256 symmetric encryption algorithm using a one-time key.

Secure file storage

VIPole ensures the uniform protection for all user data stored in VIPole and transmitted via VIPole. Encryption is applied to files transferred via VIPole as well: files are not only transmitted encrypted, they are also stored encrypted on VIPole servers and on the devices of the users.
Special VIPole virtual drives are used for working with encrypted files on the user device. These drives are used to decrypt files when working with them in any program on the device.

More about VIPole security

Kapat XX