LogoLogo
  • Introduction
  • Product Overview
    • Send and Sign Contracts
      • Login
      • Upload Contract or Select from Template Library
      • Add Recipients
      • Customize Signing Fields
      • Encrypt and Send
      • Sign Contracts
      • Manage Contracts
      • Settings
    • Contract Verification
    • Contract Template Library
    • Contract Password Manager
  • A Deeper Dive
    • Technical Details
      • Cryptographic Signatures
      • Data Encryption
      • Signature Verification
      • Storage Architecture
    • Legality
  • For Community Members
    • Brand Assets
  • Staying Connected
    • Social Media
Powered by GitBook
On this page
  • Encryption Methods
  • Unencrypted
  • AES-256-GCM - Password Encryption
  • AES-256-GCM + ECIES - Wallet-based Encryption
  • Encryption Workflow

Was this helpful?

Export as PDF
  1. A Deeper Dive
  2. Technical Details

Data Encryption

EthSign offers three different tiers of encryption.

At EthSign, we take data privacy extremely seriously. If document encryption is enabled, none of the encrypted data leaves the browser unencrypted. In other words, if our users choose to encrypt their data, nobody aside from the intended recipients can decrypt it, not even us.

Encryption Methods

EthSign offers three different tiers of encryption:

  1. Unencrypted

  2. AES-256-GCM: Symmetric password; Advanced Encryption Standard with Galois Counter Mode

  3. AES-256-GCM + ECIES: Asymmetric passwordless; Advanced Encryption Standard with Galois Counter Mode + Elliptic Curve Integrated Encryption Scheme

The encryption method used throughout a signing session is dictated by the initiator.

Note: "Signing Session" refers to the process during which users send and sign a specific document.

Unencrypted

All data is viewable by anyone else. It is extremely important to keep in mind that unencrypted data can be seen by everyone and once submitted to Arweave, it will become permanently visible to the entire world. There are cases where transparency is needed, but to avoid users disabling encryption by accident, we display a stern warning if the user attempts to submit data unencrypted.

AES-256-GCM - Password Encryption

AES-256-GCM is a symmetric encryption algorithm. It's been widely used and battle-tested over many years. When making use of this encryption method, all recipients must possess a copy of the passphrase that generates the AES key. This key must be kept secret and EthSign does not natively facilitate the key exchange.

AES-256-GCM + ECIES - Wallet-based Encryption

Elliptic Curve Integrated Encryption Scheme is an asymmetric encryption algorithm, meaning the information needed to perform encryption is different from the information needed to perform decryption. In this case, a public key is used to encrypt data while the corresponding private key is needed to decrypt data. In the context of EthSign, using ECIES means nobody needs to memorize any passwords of any kind since the data is locked to every recipient's public encryption key.

Encryption Workflow

This is a sequence diagram showcasing the encryption workflow. The word gibberish simply means the data is encrypted and thus opaque to us and everyone aside from the intended recipients.

PreviousCryptographic SignaturesNextSignature Verification

Last updated 5 months ago

Was this helpful?

This is somewhat similar to which made use of MetaMask's API. However, this API is now deprecated, and although a has been submitted, it is still in the draft stage. In addition, we had to make encryption universal across different blockchains (secp256k1 + curve25519), so we decided to establish our own encryption system, branded as EthSign Password Manager.

To learn how EthSign Password Manager works in detail, refer to .

EthSign 4's 1-Tap Encryption
eth_decrypt
new encryption EIP
How EthSign Handles Your Secrets
Encryption Workflow