Here you can read about how data is stored on Promise. All data shown is actual data from the production database.
If, for example, you use the e-mail email@example.com to sign in to Promise, we represent that e-mail on our servers like this:
This is the combined SHA-256 and BLAKE2b hash of the e-mail. That means that your e-mail is not even persisted in a format that can be decrypted to reveal your actual e-mail.
To show your e-mail in the browser, it is stored in an encrypted cookie in your browser. It is not stored on the server.
All your data, i.e. your identifiers for relying parties, are stored in a vault.
Here is a Base64 encoded example of vault data:
This data is encrypted with a secret key that can only be generated by knowing your password, meaning only you can decrypt the contents. Here is an example of such a generated key:
This key is only stored in an encrypted cookie. It is not stored on the server.
You can use that key to decrypt the vault ciphertext to this:
To be able to recover your account, i.e. reset your password, we have to keep an encrypted version of your vault key. This is encrypted using public key encryption. It looks like this:
As mentioned, this is encrypted using a private and public key. To decrypt, you'll need the corresponding public and private keys.
The private key used to decrypt is kept at a different physical location than the production environment.
The public key is kept in the production database.
If you do not want your account to be recoverable, all that has to be done is to delete that public key.
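The vault key and recovery scheme described above, as an added example for Node.js; it is not Promise's own code. The page does not name the algorithms, so scrypt, AES-256-GCM, X25519 with HKDF, and every function and field name here are assumptions chosen to match the description.

```javascript
const crypto = require('crypto');

// AES-256-GCM helpers; blob layout iv(12) || tag(16) || ciphertext is an assumption.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function unseal(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  // final() throws if the key is wrong or the blob was modified
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Wrapping key from an X25519 shared secret: computing it takes one side's
// private key and the other side's public key.
function wrapKeyFor(privateKey, publicKey) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'vault-key-wrap', 32));
}

// Returns the record the server persists. The password, the vault key and the
// per-account private key are not part of it.
function createAccount(password, vaultContents, recoveryPublicKey) {
  const salt = crypto.randomBytes(16); // assumed: a stored per-account salt
  const vaultKey = crypto.scryptSync(password, salt, 32);
  const account = crypto.generateKeyPairSync('x25519');
  return {
    salt,
    vault: seal(vaultKey, Buffer.from(JSON.stringify(vaultContents))),
    wrappedVaultKey: seal(wrapKeyFor(account.privateKey, recoveryPublicKey), vaultKey),
    accountPublicKey: account.publicKey, // the public key kept in the database
  };
}

// Normal sign-in: only the password can regenerate the vault key.
function openVault(record, password) {
  const vaultKey = crypto.scryptSync(password, record.salt, 32);
  return JSON.parse(unseal(vaultKey, record.vault).toString('utf8'));
}

// Recovery: needs the off-site private key AND the public key in the database.
function recoverVaultKey(record, recoveryPrivateKey) {
  if (!record.accountPublicKey) throw new Error('public key deleted: account is not recoverable');
  return unseal(wrapKeyFor(recoveryPrivateKey, record.accountPublicKey), record.wrappedVaultKey);
}
```

With the stored public key removed from the record, the wrapped vault key can no longer be opened even by the holder of the recovery private key, which is the opt-out the page describes.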