Zero-Knowledge Encryption
ByteHide Storage provides two levels of encryption: standard AES encryption and quantum-resistant encryption. Both ensure that your data remains private and secure, as files are encrypted before leaving your application.
Zero-Knowledge Security
ByteHide operates under a zero-knowledge model - we never have access to your encryption keys or their management. The encryption phrase used for encryption MUST match exactly when decrypting files. If the phrases don't match, decryption will fail.
Secure Key Management
We strongly recommend using ByteHide Secrets to securely manage your encryption phrases and cryptographic keys. This ensures your keys are stored securely and can be rotated safely.
Standard Encryption (AES)
Use AES-256 encryption for standard security needs:
// Enable encryption for a specific operation
storage
.In("secure/documents")
.Encrypt()
.FromFile("confidential.pdf", "local/report.pdf");
// Chain with other operations
storage
.In("secure/config")
.Encrypt()
.Compress()
.Set("settings.json", jsonContent);
AES-256
Standard encryption uses AES-256 in GCM mode, providing both confidentiality and authenticity of your data.
Quantum-Resistant Encryption
For future-proof security against quantum computers, use quantum-resistant encryption:
// Initialize with specific quantum algorithm
var storage = new StorageManager(
"<token>",
"<phrase>",
quantumAlgorithm: QuantumAlgorithmType.Kyber1024
);
// Enable quantum encryption for an operation
storage
.In("quantum/data")
.EncryptWithQuantum()
.FromFile("sensitive.dat", "local/data.dat");
Available Quantum Algorithms
Choose from multiple quantum-resistant algorithms:
// Kyber1024 (default) - Highest security level
var storage = new StorageManager(quantumAlgorithm: QuantumAlgorithmType.Kyber1024);
// Kyber768 - Balance of security and performance
var storage = new StorageManager(quantumAlgorithm: QuantumAlgorithmType.Kyber768);
// Kyber512 - Optimized for performance
var storage = new StorageManager(quantumAlgorithm: QuantumAlgorithmType.Kyber512);
Automatic Decryption
The SDK automatically handles decryption for both standard and quantum-encrypted files:
// The SDK detects encryption type and decrypts automatically
string content = storage.GetText("secure/documents/confidential.pdf");
byte[] data = storage.GetBytes("quantum/data/sensitive.dat");
// No need to specify decryption method
storage.SaveToDisk("secure/config/settings.json", "local/settings.json");
SDK Required
Encrypted files must be downloaded using the ByteHide Storage SDK to ensure proper decryption. Direct URL downloads won't be able to decrypt the files.
Best Practices
Key Management:
- Store encryption phrases securely using ByteHide Secrets
- Never hardcode encryption phrases in your code
- Use different phrases for different environments (development, staging, production)
Key Rotation:
- Plan for key rotation scenarios
- Keep track of which keys were used for which files
- Re-encrypt files when rotating keys
// Example using ByteHide Secrets for key management
var secrets = new SecretsManager("<secrets_token>");
string encryptionPhrase = await secrets.Get("storage_encryption_phrase");
var storage = new StorageManager("<storage_token>", encryptionPhrase);
Key Loss
If you lose your encryption phrase, there is no way to recover the encrypted files. Make sure to securely back up your encryption phrases and consider using ByteHide Secrets for reliable key management.
Post-Quantum Algorithms
Learn more about our quantum-resistant algorithms:
Quantum Protection Overview
Understanding post-quantum cryptography and its implementation in ByteHide Storage.
Kyber Family
- Kyber512 - High performance, NIST Level 1
- Kyber768 - Balanced, NIST Level 3
- Kyber1024 - Maximum security, NIST Level 5
MLKEM Family
Additional Algorithms
- Sntrup761 - NTRU Prime-based alternative
- FrodoKem1344Shake - Conservative security choice
Algorithm Selection
Different quantum-resistant algorithms offer varying levels of security and performance. Review our Quantum Protection Overview to choose the best algorithm for your needs.