Contract Password Manager

Contract Encryption

At EthSign, data privacy is one of our top priorities.

Users are advised to encrypt their EthSign contract data for enhanced security every time contract data is committed to decentralized storage. Due to the multi-chain nature of EthSign, users must generate their own passwords.

EthSign Password Manager

EthSign Password Manager enables secure and wallet-based password storage and sharing, so users never have to worry about remembering contract passwords.

How EthSign Password Manager Works

1. Random bytes are locally generated as the decryption private key.

2. A random message is locally generated and signed by the user. The resulting digital signature is hashed to 256 bits and used as the ECIES private key. For incompatible wallets, a master password is used in place of a digital signature.

3. A public encryption key is then derived, signed, and sent to EthSign to enable password sharing capabilities. The random message is also sent to EthSign so users can regenerate their ECIES private key when they switch devices.

4. Possession of the random message alone does not compromise the security of this system and EthSign keeps a copy of this random message to prevent users from losing access to their encrypted data forever.

5. When sensitive data needs to be shared, it is encrypted to the recipient’s public encryption key which is stored with EthSign. When encrypted data needs to be decrypted, the user retrieves the random message from EthSign, signs it, and derives the private key locally to decrypt.

For more information, see How EthSign Handles Your Secrets.