Crypt-o architecture

---

Crypt-o is a Client/Server application. The Crypt-o Server component accepts and serves secure TLS connections from Crypt-o Client applications. To verify the server identity the Crypt-o Client checks a fingerprint of the server's TLS certificate during connection. Such technique protects against man-in-the-middle hacker attacks.

Once a client connection has been established, the Crypt-o Client asks  for a user name and password to log on to the server. Crypt-o Server supports both built-in user accounts and Windows domain user accounts for authentication.

After logon of a user, the Crypt-o Client allows the user to work with data stored on the server. User permissions are validated by Crypt-o Server during every client request. Thus, even a hacked version of the client will not be able to bypass permissions checks.

Crypt-o Server uses Firebird SQL Server Embedded to store all data. Firebird databases are encrypted using AES encryption algorithm with 256-bit key. During logon, a password of each user account is transformed using SHA-256 hash algorithm, applied several thousand times. After that the resulting hash is used to decrypt a key, used for decryption of the master database. Such approach guarantees data protection even if someone will get the physical database files from the server computer.