
Quadruple Encryption & WebAuthn Digital Paper Wallet (DPW)

Overview

UnoLock introduces the most advanced security measures for safeguarding your cryptocurrency private keys. The Quadruple Encryption & WebAuthn Digital Paper Wallet (DPW) feature ensures unmatched security for your private keys, protecting them from even the most advanced threats through quadruple encryption and WebAuthn-based authentication. This feature enhances UnoLock’s Digital Paper Wallet (DPW) by applying multiple layers of AES-256 encryption and FIDO2-compliant authentication, ensuring that private keys remain secure at rest, in transit, and during access, providing robust protection for cryptocurrency assets.

How It Works

  1. Private Key Generation and Initial Client-Side Encryption
     • Local Generation: Private keys are generated locally within the UnoLock client, ensuring they never leave your device in plaintext.
     • Client-Side Encryption: Upon generation, the private key is encrypted using AES-256 GCM with your unique encryption keys, providing immediate protection.

  2. Server-Side Encryption of the Client-Encrypted Private Key
     • Secure Transmission: The client-side encrypted private key is securely transmitted to UnoLock servers.
     • Additional Encryption Layer: On the server, the already-encrypted private key receives a second encryption layer using a client-specific AES-256 key managed by AWS KMS (Key Management Service).

  3. Client-Side Encryption of the Entire Wallet Document
     • Comprehensive Encryption: The entire wallet document, including the doubly encrypted private key, is encrypted on your device with AES-256 GCM encryption.
     • Data Integrity: Ensures all wallet data remains confidential, tamper-proof, and protected against unauthorized access.

  4. AWS Storage with Server-Side Encryption (SSE)
     • Secure Storage: The encrypted wallet document is stored in AWS S3 with AES-256 encryption and replicated across multiple data centers for redundancy, ensuring resilience against data loss.

  5. WebAuthn Authentication for Access
     • FIDO2-Compatible Devices: Access requires a FIDO2-compatible device, such as a YubiKey, a biometric scanner, or a secure mobile device.
     • Public-Key-Based Authentication: This ensures only you, with your registered device, can decrypt and access the private key.

Decryption Process

  1. Authentication
     • WebAuthn Challenge: Access begins with a secure WebAuthn challenge answered by your registered FIDO2 device.
     • Verification: Public-key cryptography securely verifies your identity without exposing sensitive information.

  2. Server-Side Decryption
     • Decrypting Server Layer: The server removes its own encryption layer from the private key using the server-side AES-256 key managed by AWS KMS.
     • Secure Transmission: The still client-encrypted private key is securely sent back to your device for final decryption.

  3. Local Decryption
     • Client-Side Final Decryption: Your client decrypts the private key using your unique encryption keys, ensuring it remains accessible only within your secure environment.
     • Operational Security: The private key is held only in memory and is never saved in plaintext.

Security Implications

  • Unparalleled Security Layers: Four layers of AES-256 encryption protect private keys at rest and in transit, minimizing exposure to cyber threats.
  • End-to-End Protection: Private keys are never exposed in plaintext, mitigating risks of unauthorized access or interception.
  • Controlled Access: WebAuthn authentication ensures only the authorized user with a registered FIDO2 device can decrypt the private key, preventing access even in compromised systems.
  • Data Resilience: Secure AWS S3 storage with multi-region redundancy protects against data loss, ensuring availability of encrypted wallet documents.
  • Tamper-Proof Integrity: Multiple encryption layers and client-side processing ensure wallet data remains confidential and unaltered.

Use Cases

  • Cryptocurrency Security: Individual investors can store private keys with maximum protection, using quadruple encryption and WebAuthn for secure access to digital assets.
  • Enterprise Asset Management: Businesses managing cryptocurrency holdings can leverage this feature for cold-storage-like security with controlled access, ensuring compliance with high-security standards.
  • High-Risk Environments: Users in sensitive roles, such as financial executives or crypto traders, can protect private keys against advanced threats, with robust authentication and encryption.

Why It Matters

UnoLock’s Quadruple Encryption & WebAuthn security feature represents a significant advancement in cryptocurrency key management. By combining client-side encryption, multi-layered security, and modern WebAuthn-based authentication, UnoLock ensures that private keys remain fully protected from generation to use. This comprehensive approach provides peace of mind for users managing sensitive digital assets, safeguarding them against evolving cyber threats while maintaining ease of access and usability.

FAQs

How does quadruple encryption enhance private key security?

Four layers of AES-256 encryption ensure that private keys are protected at every stage: generation, transmission, storage, and access, making unauthorized access nearly impossible.

What happens if I lose my FIDO2 device?

You can register multiple FIDO2 devices or use backup authentication methods configured in UnoLock, but without a registered device, access may be restricted to ensure security.

Can UnoLock access my private key?

No, UnoLock’s zero-knowledge architecture ensures that private keys are encrypted client-side and never accessible to UnoLock servers or staff.

Compliance & Privacy Regulations

  • GDPR & HIPAA Compliance: The feature ensures that no personal data or sensitive information is exposed online or shared with third parties, supporting compliance with GDPR, HIPAA, and other data protection regulations by maintaining user control over encrypted keys.

Integration with Other Features

  • Digital Paper Wallet (DPW) for Cryptocurrency Management: Enhances the standard DPW by adding quadruple encryption and WebAuthn, providing advanced security for offline key storage.
  • Client-Side Encryption Using AES-256 GCM: Leverages UnoLock’s client-side encryption framework to ensure all key operations remain secure and private.