Folder encryption
Tresorit encrypts all uploaded files and folders using AES-256 symmetric encryption in OpenPGP CFB mode (RFC 2440).
- Each file is protected with its own unique, randomly generated 256-bit key, and every file version is encrypted under a fresh random initialization vector (IV). Because the IV changes, two encryptions of the same file already differ, and a one-bit change to the content produces a ciphertext that bears no visible relation to the previous version, so nobody, Tresorit included, can tell from the stored data what changed.
- Folder hierarchy and contents (including file and folder names) are encrypted using the same method.
- All encrypted data is protected with HMAC-SHA-512 to ensure integrity and detect tampering. CFB mode on its own provides confidentiality only: a modified ciphertext would still decrypt, just to corrupted plaintext, so the MAC tag is what lets the client reject altered data instead of silently accepting it.
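The per-file scheme described above, as an added example written for this page and not Tresorit's code: a unique AES-256 key per file, a fresh random IV per version, and an HMAC-SHA-512 tag computed over IV and ciphertext (encrypt-then-MAC) that is verified before anything is decrypted. Go's crypto/cipher implements standard CFB, not the OpenPGP CFB variant the page names; the separate random MAC key, the blob layout IV || ciphertext || tag, and all function names are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha512"
	"errors"
	"fmt"
	"io"
)

// ErrTampered is returned when the HMAC-SHA-512 tag does not match the data.
var ErrTampered = errors.New("file version failed integrity check")

// FileKey is one file's secret material. Assumption: the page does not say
// where the MAC key comes from, so a second random key is drawn here.
type FileKey struct {
	Enc []byte // 32 bytes: the file's unique AES-256 key
	Mac []byte // 64 bytes: HMAC-SHA-512 key
}

// NewFileKey draws both keys from the OS CSPRNG.
func NewFileKey() (*FileKey, error) {
	k := &FileKey{Enc: make([]byte, 32), Mac: make([]byte, 64)}
	if _, err := io.ReadFull(rand.Reader, k.Enc); err != nil {
		return nil, err
	}
	if _, err := io.ReadFull(rand.Reader, k.Mac); err != nil {
		return nil, err
	}
	return k, nil
}

// Seal encrypts one file version under a fresh random IV with AES-256-CFB and
// appends an HMAC-SHA-512 tag over IV || ciphertext (encrypt-then-MAC).
// Assumed blob layout: IV (16 bytes) || ciphertext || tag (64 bytes).
func Seal(k *FileKey, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(k.Enc)
	if err != nil {
		return nil, err
	}
	n := aes.BlockSize + len(plaintext)
	out := make([]byte, n, n+sha512.Size)
	if _, err := io.ReadFull(rand.Reader, out[:aes.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCFBEncrypter(block, out[:aes.BlockSize]).XORKeyStream(out[aes.BlockSize:], plaintext)
	mac := hmac.New(sha512.New, k.Mac)
	mac.Write(out)
	return mac.Sum(out), nil
}

// Open checks the tag in constant time before decrypting anything, so an
// altered or truncated blob is rejected with ErrTampered instead of
// producing garbage plaintext.
func Open(k *FileKey, blob []byte) ([]byte, error) {
	if len(blob) < aes.BlockSize+sha512.Size {
		return nil, ErrTampered
	}
	body, tag := blob[:len(blob)-sha512.Size], blob[len(blob)-sha512.Size:]
	mac := hmac.New(sha512.New, k.Mac)
	mac.Write(body)
	if !hmac.Equal(mac.Sum(nil), tag) {
		return nil, ErrTampered
	}
	block, err := aes.NewCipher(k.Enc)
	if err != nil {
		return nil, err
	}
	pt := make([]byte, len(body)-aes.BlockSize)
	cipher.NewCFBDecrypter(block, body[:aes.BlockSize]).XORKeyStream(pt, body[aes.BlockSize:])
	return pt, nil
}

// DifferingBytes counts positions where a and b differ; bytes beyond the
// shorter input count as differences.
func DifferingBytes(a, b []byte) int {
	if len(b) > len(a) {
		a, b = b, a
	}
	n := 0
	for i := range a {
		if i >= len(b) || a[i] != b[i] {
			n++
		}
	}
	return n
}

func main() {
	k, _ := NewFileKey()
	v1 := []byte("quarterly numbers: revenue 1200") // constructed sample content
	v2 := append([]byte(nil), v1...)
	v2[len(v2)-1] ^= 0x01 // one-bit change between versions
	c1, _ := Seal(k, v1)
	c2, _ := Seal(k, v2)
	fmt.Printf("%d of %d blob bytes differ between versions\n", DifferingBytes(c1, c2), len(c1))
	c1[aes.BlockSize+3] ^= 0x80 // tamper with the stored ciphertext
	_, err := Open(k, c1)
	fmt.Println("open tampered version:", err)
}
```

Because the IV is drawn per version rather than per file, the two blobs differ almost everywhere even though the plaintexts differ in one bit; the same would hold for two uploads of identical content, which is what denies the server a view of what changed.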
Agreement keys
A common cryptographic technique is to protect symmetric keys with asymmetric encryption, such as RSA. Tresorit secures a folder's AES-256 encryption key by encrypting it separately with the RSA-4096 agreement public key of every folder member. Members can then decrypt the folder key using their own agreement private key and access its contents.
Agreement private keys are stored securely in users' roaming profiles.
Users have multiple agreement key pairs. New pairs are generated periodically and during certain actions, such as a password change. These keys are added to the roaming profile and updated across folders to ensure that cryptographic access associated with older credentials is revoked.
Group key file
Each folder contains a special cloud-stored file called the group key file, which holds the folder encryption key encrypted separately for every member using their agreement public keys. This file is required to access the folder.
Tresorit servers allow only folder members to download the group key file. Even if an unauthorized party obtained it, they could not access the folder's contents without a member's agreement private key to decrypt the folder encryption key.
When a member downloads folder contents, the Tresorit application first retrieves the group key file, decrypts the folder key using the corresponding agreement private key, and then uses that key to decrypt the root folder and its contents locally.
Folder sharing
Sharing a folder works by modifying the encrypted folder key stored in the group key file. In addition, Tresorit servers enforce access controls that allow only folder members to access that folder's encrypted content. These permissions are updated whenever a folder is shared or a user's access is revoked.
Inviting a user to a folder
When a user is invited to a folder, the inviter downloads the invitee's agreement public key from Tresorit's servers, embedded in an X.509 certificate. The inviter's client validates the certificate against Tresorit's PKI to confirm that the key belongs to the invitee, so that the folder key is not encrypted for a substituted public key.
The inviter then uses this public key to encrypt the folder's encryption key again, adds it to the group key file, and uploads the updated file to the cloud. At the same time, Tresorit servers grant access permissions to the new member.
Once the process is complete, the folder appears in the invitee's folder list, allowing them to download the group key file and access the folder's contents as described above.
Personal data (such as a name) is not included in certificates, so sending an invitation does not disclose personal information. The agreement private key is never shared with other users and remains under the owner's control, stored in the roaming profile and locally for faster access.
Removing a user from a folder
When a member is removed from a folder, a new AES-256 folder encryption key is generated and used for all content uploaded from that point on; already uploaded content is not re-encrypted. Tresorit then regenerates the group key file by encrypting the new key with the agreement public keys of the remaining members only, uploads the updated file, and notifies the servers to revoke the removed user's access permissions to the folder.
The removed user is therefore locked out on two levels. The servers no longer serve them the folder's content or its group key file, and the new key is not wrapped for them, so even a copy of the new group key file obtained out of band would not yield the folder key. One caveat follows from the fact that old content is not re-encrypted: a removed user who kept a copy of the old folder key and of the old ciphertext can still read that content offline, so for data uploaded before the removal the protection rests on the server-side access control rather than on the key rotation.
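The group key file lifecycle from the three sections above (creating the file, inviting a member, removing one), as an added example written for this page and not Tresorit's code. Assumptions of this example: RSA-OAEP with SHA-256 as the wrapping padding, 2048-bit keys instead of RSA-4096 so key generation stays fast, an in-memory map standing in for both the cloud-stored group key file and the server-side permission list, certificate validation of fetched public keys left out, and all type and function names its own.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Assumption: 2048-bit keys keep the example fast; the page specifies RSA-4096.
const rsaBits = 2048

var ErrNotMember = errors.New("not a member of this folder")

// Member is a user with an agreement key pair; the private key never leaves it.
type Member struct {
	ID   string
	priv *rsa.PrivateKey
}

func NewMember(id string) (*Member, error) {
	priv, err := rsa.GenerateKey(rand.Reader, rsaBits)
	if err != nil {
		return nil, err
	}
	return &Member{ID: id, priv: priv}, nil
}

func (m *Member) PublicKey() *rsa.PublicKey { return &m.priv.PublicKey }

// Folder is the cloud-side state: the group key file (folder key wrapped once
// per member) plus the server's access list, which is enforced independently
// of the cryptography. pubs stands in for the certificate-validated public
// keys clients fetched; validation itself is not modelled here.
type Folder struct {
	GroupKeyFile map[string][]byte
	ACL          map[string]bool
	pubs         map[string]*rsa.PublicKey
}

// RSA-OAEP/SHA-256 is an assumption; the page does not name the padding.
func wrap(pub *rsa.PublicKey, key []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
}

func newFolderKey() ([]byte, error) {
	k := make([]byte, 32) // AES-256 folder key
	_, err := io.ReadFull(rand.Reader, k)
	return k, err
}

func (f *Folder) addMember(id string, pub *rsa.PublicKey, key []byte) error {
	wrapped, err := wrap(pub, key)
	if err != nil {
		return err
	}
	f.GroupKeyFile[id], f.pubs[id], f.ACL[id] = wrapped, pub, true
	return nil
}

// NewFolder creates a folder whose only member is its owner.
func NewFolder(owner *Member) (*Folder, error) {
	key, err := newFolderKey()
	if err != nil {
		return nil, err
	}
	f := &Folder{map[string][]byte{}, map[string]bool{}, map[string]*rsa.PublicKey{}}
	return f, f.addMember(owner.ID, owner.PublicKey(), key)
}

// FolderKey is the client path: the server releases the group key file only
// to members, and the client decrypts its own entry with its private key.
func FolderKey(f *Folder, m *Member) ([]byte, error) {
	entry, ok := f.GroupKeyFile[m.ID]
	if !f.ACL[m.ID] || !ok {
		return nil, ErrNotMember
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, m.priv, entry, nil)
}

// Invite: the inviter recovers the folder key, wraps it for the invitee, and
// the server grants the invitee access.
func Invite(f *Folder, inviter *Member, inviteeID string, inviteePub *rsa.PublicKey) error {
	key, err := FolderKey(f, inviter)
	if err != nil {
		return err
	}
	return f.addMember(inviteeID, inviteePub, key)
}

// Remove rotates the folder key, rebuilds the group key file for the remaining
// members only, and revokes the server-side permission. Content uploaded
// before this point stays under the old key and is not re-encrypted.
func Remove(f *Folder, remover *Member, removedID string) error {
	if _, err := FolderKey(f, remover); err != nil {
		return err // only a current member may remove others
	}
	newKey, err := newFolderKey()
	if err != nil {
		return err
	}
	delete(f.pubs, removedID)
	delete(f.ACL, removedID)
	rebuilt := make(map[string][]byte, len(f.pubs))
	for id, pub := range f.pubs {
		if rebuilt[id], err = wrap(pub, newKey); err != nil {
			return err
		}
	}
	f.GroupKeyFile = rebuilt
	return nil
}

func main() {
	alice, _ := NewMember("alice")
	bob, _ := NewMember("bob")
	f, _ := NewFolder(alice)
	_ = Invite(f, alice, bob.ID, bob.PublicKey())
	_, err := FolderKey(f, bob)
	fmt.Println("bob after invite:", err)
	_ = Remove(f, alice, bob.ID)
	_, err = FolderKey(f, bob)
	fmt.Println("bob after removal:", err)
}
```

The two checks in FolderKey mirror the page's two layers: the ACL lookup is the server refusing the download, and the missing entry is the cryptographic refusal that holds even if the file leaks. Remove rebuilds the file from scratch rather than deleting one entry, because deleting alone would leave the old key, which the removed user already knows, wrapped for everyone else.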