Secure local storage using hardware-derived AES keys and authenticated encryption.
Overview
GetTrusted uses AES-256-GCM encryption with hardware-generated keys for all local databases.
This ensures that even if a device is compromised, sensitive user data remains unreadable without the hardware-protected key.
Process Flow
Cryptographic Summary
| Component | Algorithm | Key Size | Storage Location | Purpose |
|---|---|---|---|---|
| RNG | Hardware RNG | 256 bit | N/A | Entropy source |
| Encryption | AES-GCM | 256 bit | Keychain / Keystore | Data confidentiality + integrity |
| Nonce | Random 12 bytes | 96 bit | Stored with ciphertext | Prevent reuse |
| Tag | AES-GCM Auth Tag | 128 bit | Stored with ciphertext | Integrity verification |
Security Guarantees
Encryption keys are generated and stored in hardware; they never leave the secure element.
Every record is encrypted with a unique nonce, ensuring semantic security.
Decryption requires both the stored key and correct device context.
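The per-record scheme summarised above, as an added Go example that is not GetTrusted's own code: each record gets a fresh 12-byte nonce and is stored with its 128-bit tag, and any modification fails verification on read. Assumptions: a software key stands in for the hardware-held Keychain / Keystore key, the `nonce || ciphertext || tag` layout is one possible storage order, and the function names are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// NewAEAD builds AES-GCM (96-bit nonce, 128-bit tag) and rejects non-256-bit keys.
func NewAEAD(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, fmt.Errorf("need a 32-byte key, got %d", len(key))
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealRecord draws a fresh random nonce for every record and returns
// nonce || ciphertext || tag (assumed storage layout).
func SealRecord(aead cipher.AEAD, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// OpenRecord verifies the tag before releasing any plaintext.
func OpenRecord(aead cipher.AEAD, record []byte) ([]byte, error) {
	n := aead.NonceSize()
	if len(record) < n+aead.Overhead() {
		return nil, fmt.Errorf("record too short: %d bytes", len(record))
	}
	return aead.Open(nil, record[:n], record[n:], nil)
}

func main() {
	key := make([]byte, 32) // constructed software key; stands in for the hardware-held key
	rand.Read(key)
	aead, _ := NewAEAD(key)
	rec, _ := SealRecord(aead, []byte("constructed sample row"))
	pt, err := OpenRecord(aead, rec)
	fmt.Printf("%d-byte record -> %q (err=%v)\n", len(rec), pt, err)
}
```

Each stored record carries 28 bytes of overhead (12-byte nonce plus 16-byte tag) on top of the plaintext length.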
Strategic Implications
This design makes local compromise worthless — stolen databases are cryptographically inert.
It demonstrates GetTrusted’s commitment to privacy-by-default, not as an afterthought.