While your files are encrypted locally in your browser using our Zero-Knowledge protocol, the journey they take from your MacBook to our AWS S3 buckets must also be invisible to prying eyes. This is where HTTPS and SSL/TLS come into play.
What is HTTPS?
Hypertext Transfer Protocol Secure (HTTPS) is the secure version of HTTP. It ensures that all communication between your browser and Ice Vault is encrypted. According to Wikipedia, the main motivation for HTTPS is authentication of the accessed website and protection of the privacy and integrity of the exchanged data while in transit.
SSL/TLS: The Encryption Layer
The 'S' in HTTPS stands for 'Secure'. That security is provided by the Transport Layer Security (TLS) protocol, the successor to SSL. TLS creates an encrypted 'tunnel' between your browser and our servers that prevents attackers from performing Man-in-the-Middle (MitM) attacks.
How It Works at Ice Vault
When you upload a file, three layers of protection are active:
- Local Encryption: Your file is encrypted with AES-256-GCM before it even reaches the 'tunnel'.
- TLS Encryption: The encrypted data package is wrapped in another layer of TLS encryption for transport.
- Server-Side Shield: Our AWS infrastructure uses SSL certificates issued by a trusted Certificate Authority to verify our identity, so you know you are talking to the real Ice Vault.
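The first layer can be sketched with the browser's WebCrypto API. This is an added example, not Ice Vault's own code: the key handling, the blob layout (12-byte IV followed by ciphertext and tag), the use of the file name as authenticated data, and the function names are all assumptions made for illustration. It shows that the bytes handed to the HTTPS upload are already ciphertext, and that any modification in transit or at rest is detected on decryption.

```javascript
// Added example, not Ice Vault's code. Key handling and blob layout are assumptions.
// Browsers and Node 20+ expose WebCrypto as globalThis.crypto; older Node needs the module.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const subtle = webcrypto.subtle;

// Assumption: a random, non-extractable 256-bit key; the page does not say how the real key is derived.
async function newVaultKey() {
  return subtle.generateKey({ name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

// Layer 1: encrypt locally. Returns IV || ciphertext || 16-byte GCM tag.
async function sealFile(key, plainBytes, fileName) {
  const iv = webcrypto.getRandomValues(new Uint8Array(12)); // fresh per file, never reused with a key
  const aad = new TextEncoder().encode(fileName);           // binds the blob to its file name
  const ct = new Uint8Array(
    await subtle.encrypt({ name: "AES-GCM", iv, additionalData: aad }, key, plainBytes));
  const blob = new Uint8Array(iv.length + ct.length);
  blob.set(iv, 0);
  blob.set(ct, iv.length);
  return blob; // this blob is what the HTTPS upload carries; TLS (layer 2) wraps it again
}

// Decryption rejects if any bit of the IV, ciphertext, tag or file name has changed.
async function openFile(key, blob, fileName) {
  const iv = blob.slice(0, 12);
  const ct = blob.slice(12);
  const aad = new TextEncoder().encode(fileName);
  return new Uint8Array(
    await subtle.decrypt({ name: "AES-GCM", iv, additionalData: aad }, key, ct));
}

async function demo() {
  const key = await newVaultKey();
  const plain = new TextEncoder().encode("constructed sample file contents");
  const blob = await sealFile(key, plain, "report.pdf");
  const roundTrip = new TextDecoder().decode(await openFile(key, blob, "report.pdf"));
  const tampered = blob.slice();
  tampered[20] ^= 0x01; // flip one ciphertext bit, as a modification in transit would
  let tamperDetected = false;
  try { await openFile(key, tampered, "report.pdf"); } catch { tamperDetected = true; }
  return { roundTrip, plainLength: plain.length, blobLength: blob.length, tamperDetected };
}

demo().then((result) => console.log(result));
```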
Why Certificates Matter
A website's SSL certificate is like a digital passport. It is issued by a Trusted Certificate Authority (CA). As explained by Cloudflare, SSL certificates make it possible for websites to move from HTTP to HTTPS, which is more secure.
Technical Fact
Ice Vault uses 2048-bit RSA keys for its SSL certificates, making it computationally infeasible for attackers to sniff your traffic, even on public Wi-Fi networks in airports or cafes.
Conclusion
Security is about layers. By combining Zero-Knowledge local encryption with industry-standard HTTPS transit security, we ensure that your data is safe from the moment you select a file until it is safely tucked away in our Glacier deep archives.