# Contract Password Manager

### Contract Encryption

At EthSign, data privacy is one of our top priorities.

Users are advised to encrypt their EthSign contract data for enhanced security every time contract data is committed to decentralized storage. Due to the multi-chain nature of EthSign, users must generate their own passwords.

### EthSign Password Manager

EthSign Password Manager enables secure and wallet-based password storage and sharing, so users never have to worry about remembering contract passwords.

<figure><img src="/files/g60kW2KfoPa3zTChbwAr" alt=""><figcaption></figcaption></figure>

### How EthSign Password Manager Works

1. Random bytes are locally generated as the decryption private key.
2. A random message is locally generated and signed by the user. The resulting digital signature is hashed to 256 bits and used as the ECIES private key. For incompatible wallets, a master password is used in place of a digital signature.
3. A public encryption key is then derived, signed, and sent to EthSign to enable password sharing capabilities. The random message is also sent to EthSign so users can regenerate their ECIES private key when they switch devices.
4. Possession of the random message alone does not compromise the security of this system and EthSign keeps a copy of this random message to prevent users from losing access to their encrypted data forever.
5. When sensitive data needs to be shared, it is encrypted to the recipient’s public encryption key which is stored with EthSign. When encrypted data needs to be decrypted, the user retrieves the random message from EthSign, signs it, and derives the private key locally to decrypt.

For more information, see [How EthSign Handles Your Secrets](https://medium.com/ethsign/how-ethsign-handles-your-secrets-205f3f0a439b).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.ethsign.xyz/product-overview/contract-password-manager.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.