Encryption overview

This page explains how authentication and encryption work in Termius and how your data is securely protected across Personal and Team Vaults.

Authentication & Encryption password

Termius offers two types of authentication:

  • Email + Encryption Password

  • Single sign-on (SSO). After successful SSO authentication, the app still requires the encryption password to access vaults.

The app uses a modified SRP6a protocol to communicate with the server without sending the password or password hash over the network.

To complete the authentication, the client and the Termius Cloud must prove that each party has the same key:

  1. The cloud sends the client a random piece of data, a salt to be used with the Argon2id password hash algorithm, and a user identifier.

  2. The client sends the cloud a random piece of data and a client proof.

  3. The cloud sends the client a server proof, an encrypted API Key, and a salt.

  4. The client validates the server proof and decrypts the API Key.

Personal vault

Termius uses a hybrid encryption approach for the Personal vault. The key steps of the encryption algorithm are below:

  1. Termius generates a random key pair during account creation.

  2. Using the key pair, the app generates the user's personal encryption key.

  3. The personal encryption key is used to encrypt all user data, such as hosts, groups, and keys.

  4. The private key is encrypted using the user's encryption password.

  5. The app syncs the encrypted key via Termius Cloud to other devices.

Your encryption password always stays with you. It is never stored alongside your data, and never sent over the network. No one can read data in the Personal vault without the encryption password.


Team vault and custom team vaults

Termius uses a hybrid encryption approach for all team vaults.

On the team member's side

  1. When a team member joins Termius, the app generates a key pair. This is the same key pair used for their Personal vault (see above).

  2. Each team member's public key is then shared with the team owner.

On the team owner's side

  1. When a team owner invites a team member, Termius generates a separate encryption key for the Team vault and custom team vaults.

  2. Termius encrypts the vault encryption keys using the team member's public key. Termius uses the team owner's private key to create the MAC.

  3. Encrypted vault keys are then sent to team members via the Termius cloud.

On the team member's side

  1. Termius sends encrypted vault keys to all members with access to these vaults.

  2. The app decrypts vault keys with the member's private key stored in their Personal vault and uses the team owner's public key to verify the MAC.

Technical details

Termius uses Libsodium version 1.0.20 and a custom C++ binding for iOS, Android, and Desktop applications. Termius uses the following Libsodium APIs:

  • For public-key encryption: crypto_box_keypair, crypto_box_easy, and crypto_box_open_easy, which use the X25519 key exchange, the XSalsa20 stream cipher, and the Poly1305 MAC.

  • For secret-key encryption: crypto_secretbox_keygen, crypto_secretbox_easy, and crypto_secretbox_open_easy, which use the XSalsa20 stream cipher and the Poly1305 MAC.

  • For password hashing: crypto_pwhash with the OPSLIMIT_INTERACTIVE and MEMLIMIT_INTERACTIVE limits and the ARGON2ID13 algorithm.

  • For generating a nonce: randombytes_buf.

Termius uses the SRP implementation from Botan, with gRPC over TLS as the transport for the SRP protocol. Termius uses Botan version 3.2.0 and a custom C++ binding for iOS, Android, and Desktop applications.

The encryption key and key pair are stored on devices, namely in:

If you have any security concerns, you can write to us at [email protected].
