Your data is safe with us.

Here you can read about how data is stored on Promise. All data shown is actual data from the production database.

Email

If, for example, you use e-mail test@example.com to sign in to Promise. We represent that e-mail on our servers like this:

lz3+Rj7IV4X1+Vr1ujkG7tstkxwk5pgkqJ6mXbpOgTtFjKuQI81KwYmPm9fqvmKwfnr/8qQO555ApL3ATooRrH0xR/g39ilbqnAG16lU0SxskxNqJ8KVkkb31Xv9bHxq

This is the combined SHA-256 and BLAKE2b. That means that your e-mail is not even persisted in a format that can be decrypted and reveal your actual e-mail.

To show your e-mail in the browser it is stored in an encrypted cookie in your browser. This is not stored on the server.

Vault

All your data, i.e. your identifiers for relying parties, are stored in a vault.

Here is a Base64 encoded example of vault data:

+E7iDqnupSjKTGr/kCf2fdNTrrohX+veSVR5TBbADiy7CEtkpTNjoT5h0czG
JE9bxwZRKkyIBOj7HkurogT61O+GDoHQpxXSrPdPtMNoN77L1vmFP7px7dkz
712lsrI/R/G1hgTkTkWEZVc8QP8FxGZA

This data is encrypted with a secret key that can only be generated by knowing your password. Meaning only you can decrypt the contents. Here is an example of such a generated key:

L+tO99A7F0D2PCuBQN/UJ9L8WMdDVP/1iEx7ztNpLTk=

This key is only stored in an encrypted cookie. It is not stored on the server.

You can use that key to decrypt the vault content cipher to this:

{
  "ids": {
    "example.com": {
      "07c5c163-875f-424c-a659-a4f99e74eb12": "default"
    }
  }
}

Recovery

In order to be able to recover your account, i.e. reset password, we have to keep an encrypted version of your vault key. This is encrypted using public key encryption. It looks like this:

U70WUp2SBO/JS/2ZZczKByJevlo9UpVkh/bC1G0JXRdpYuyBSlWcrsUM2H/piyJUdWVhdzvIA0DTe4yA4kg0YdpnTb9a2mnC

As mentioned, this is encrypted using a private and public key. To decrypt, you'll need the corresponding public and private keys.

The private key used to decrypt, is kept in at a different physical location than the production environment.

The public key, is kept in the production database.

If you do not want your account to be recoverable, all that has to be done, is to delete that public key.


Log ind
English Dansk