
Zero-Knowledge Encryption

ByteHide Storage provides two levels of encryption: standard AES encryption and quantum-resistant encryption. Both ensure that your data remains private and secure, as files are encrypted before leaving your application.

Zero-Knowledge Security

ByteHide operates under a zero-knowledge model: we never have access to your encryption keys or to how they are managed. The phrase used to encrypt a file MUST match exactly when decrypting it. If the phrases don't match, decryption will fail.

Secure Key Management

We strongly recommend using ByteHide Secrets to securely manage your encryption phrases and cryptographic keys. This ensures your keys are stored securely and can be rotated safely.

Standard Encryption (AES)

Use AES-256 encryption for standard security needs:

// Enable encryption for a specific operation
storage
    .In("secure/documents")
    .Encrypt()
    .FromFile("confidential.pdf", "local/report.pdf");

// Chain with other operations
storage
    .In("secure/config")
    .Encrypt()
    .Compress()
    .Set("settings.json", jsonContent);

AES-256

Standard encryption uses AES-256 in GCM mode, providing both confidentiality and authenticity of your data.

Quantum-Resistant Encryption

For future-proof security against quantum computers, use quantum-resistant encryption:

// Initialize with specific quantum algorithm
var storage = new StorageManager(
    "<token>",
    "<phrase>",
    quantumAlgorithm: QuantumAlgorithmType.Kyber1024
);

// Enable quantum encryption for an operation
storage
    .In("quantum/data")
    .EncryptWithQuantum()
    .FromFile("sensitive.dat", "local/data.dat");

Available Quantum Algorithms

Choose from multiple quantum-resistant algorithms:

// Alternatives: pick one; the three declarations are not meant to share a scope
// Kyber1024 (default) - Highest security level
var storage = new StorageManager(quantumAlgorithm: QuantumAlgorithmType.Kyber1024);

// Kyber768 - Balance of security and performance
var storage = new StorageManager(quantumAlgorithm: QuantumAlgorithmType.Kyber768);

// Kyber512 - Optimized for performance
var storage = new StorageManager(quantumAlgorithm: QuantumAlgorithmType.Kyber512);

Automatic Decryption

The SDK automatically handles decryption for both standard and quantum-encrypted files:

// The SDK detects encryption type and decrypts automatically
string content = storage.GetText("secure/documents/confidential.pdf");
byte[] data = storage.GetBytes("quantum/data/sensitive.dat");

// No need to specify decryption method
storage.SaveToDisk("secure/config/settings.json", "local/settings.json");

SDK Required

Encrypted files must be downloaded using the ByteHide Storage SDK to ensure proper decryption. A file downloaded directly by URL is not decrypted.

Best Practices

  1. Key Management:

    • Store encryption phrases securely using ByteHide Secrets
    • Never hardcode encryption phrases in your code
    • Use different phrases for different environments (development, staging, production)
  2. Key Rotation:

    • Plan for key rotation scenarios
    • Keep track of which keys were used for which files
    • Re-encrypt files when rotating keys

// Example using ByteHide Secrets for key management
var secrets = new SecretsManager("<secrets_token>");
string encryptionPhrase = await secrets.Get("storage_encryption_phrase");

var storage = new StorageManager("<storage_token>", encryptionPhrase);

Key Loss

If you lose your encryption phrase, there is no way to recover the encrypted files. Make sure to securely back up your encryption phrases and consider using ByteHide Secrets for reliable key management.
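
The Key Rotation points above (knowing which key encrypted which file, re-encrypting on rotation) and the AES-256-GCM failure on a mismatched phrase, shown as an added C# sketch that is not ByteHide SDK code and not its file format. The PhraseVault helper, the PBKDF2 derivation and the blob layout are assumptions made for illustration; it targets .NET 8.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Constructed sample phrases keyed by an id; in practice they come from a secrets store.
var phrases = new Dictionary<byte, string> { [1] = "old constructed phrase", [2] = "new constructed phrase" };
byte[] blob = PhraseVault.Encrypt(1, phrases[1], Encoding.UTF8.GetBytes("{\"debug\":false}"));

// A phrase that differs by one character fails GCM tag verification.
try { PhraseVault.Decrypt(new Dictionary<byte, string> { [1] = "Old constructed phrase" }, blob); }
catch (CryptographicException) { Console.WriteLine("wrong phrase: tag check failed, nothing decrypted"); }

// Rotation: the key id in the blob selects the old phrase, then the data is re-encrypted.
byte[] rotated = PhraseVault.Rotate(phrases, 2, blob);
Console.WriteLine($"key id {blob[0]} -> {rotated[0]}: {Encoding.UTF8.GetString(PhraseVault.Decrypt(phrases, rotated))}");

// Hypothetical helper. Blob layout (assumed): keyId(1) | salt(16) | nonce(12) | tag(16) | ciphertext
static class PhraseVault
{
    const int SaltLen = 16, NonceLen = 12, TagLen = 16, Header = 1 + SaltLen + NonceLen + TagLen;
    static byte[] DeriveKey(string phrase, byte[] salt) =>  // PBKDF2 is this sketch's choice of KDF
        Rfc2898DeriveBytes.Pbkdf2(phrase, salt, 600_000, HashAlgorithmName.SHA256, 32);

    public static byte[] Encrypt(byte keyId, string phrase, byte[] plaintext)
    {
        var blob = new byte[Header + plaintext.Length];
        blob[0] = keyId;
        RandomNumberGenerator.Fill(blob.AsSpan(1, SaltLen + NonceLen)); // fresh salt and nonce per file
        using var aes = new AesGcm(DeriveKey(phrase, blob[1..(1 + SaltLen)]), TagLen);
        // The key id is passed as associated data, so altering it breaks the tag.
        aes.Encrypt(blob.AsSpan(1 + SaltLen, NonceLen), plaintext, blob.AsSpan(Header),
                    blob.AsSpan(1 + SaltLen + NonceLen, TagLen), blob.AsSpan(0, 1));
        return blob;
    }

    public static byte[] Decrypt(IReadOnlyDictionary<byte, string> phrases, byte[] blob)
    {
        if (blob.Length < Header || !phrases.TryGetValue(blob[0], out var phrase))
            throw new CryptographicException("Truncated blob or unknown key id.");
        var plaintext = new byte[blob.Length - Header];
        using var aes = new AesGcm(DeriveKey(phrase, blob[1..(1 + SaltLen)]), TagLen);
        aes.Decrypt(blob.AsSpan(1 + SaltLen, NonceLen), blob.AsSpan(Header),
                    blob.AsSpan(1 + SaltLen + NonceLen, TagLen), plaintext, blob.AsSpan(0, 1));
        return plaintext;
    }
    public static byte[] Rotate(IReadOnlyDictionary<byte, string> phrases, byte newKeyId, byte[] blob) =>
        blob[0] == newKeyId ? blob : Encrypt(newKeyId, phrases[newKeyId], Decrypt(phrases, blob));
}
```

Keep the old phrase available until every blob reports the new key id; a blob whose key id has no matching phrase is unrecoverable.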

Post-Quantum Algorithms

Learn more about our quantum-resistant algorithms:

Quantum Protection Overview

Understanding post-quantum cryptography and its implementation in ByteHide Storage.

Kyber Family

MLKEM Family

Additional Algorithms

Algorithm Selection

Different quantum-resistant algorithms offer varying levels of security and performance. Review our Quantum Protection Overview to choose the best algorithm for your needs.
