DEV Community

Lane Wagner
Lane Wagner

Posted on • Originally published at on

Dual Encryption

Qvault’s dual encryption allows users to require that two keys are needed to unlock their vault. A password, and a key card.

You have probably heard of two factor authentication. According to Authy:

2FA is an extra layer of security used to make sure that people trying to gain access to an online account are who they say they are.

Usually the second factor is something you have, rather than something you know. For example, the thing you have can be a device that can receive SMS messages at a given phone number.

Qvault Key Card

Dual Encryption with Qvault cards

2FA works well for web applications and websites. But it can’t work for Qvault because ** Qvault does all encryption locally** on your computer. Local encryption is more secure because it means you don’t need to trust anything except the Qvault software (which is open source and reviewed by our community)

Qvault manufactures and issues physical plastic cards that have unique QR codes containing random and unique 256-bit encryption keys. When locking and unlocking a vault, Q Vault first encrypts the secrets using the users’ password, and then encrypts them again using the encryption key (obtained by scanning the card’s QR Code). By using dual encryption, vaults can become much more secure.

Can Qvault access a vault because it knows the QR Code?

No. For two reasons:

  1. Qvault has no way of accessing the vault’s password , which is the first level of encryption. This is known only to the user.
  2. Qvault deletes all records of each key after the manufacturing process for each card is complete.

At the time of writing, Qvault is in open beta and we invite everyone to download it, and let us know how we can improve!

Follow us on medium!

By Lane Wagner

Top comments (0)