Version: 7.0

Overview

Two levels of data protection

Passwork protects your passwords on two levels. Server-side encryption always works — all password data is automatically encrypted with the AES-256-CFB algorithm before being written to the database. This mechanism requires no action from the administrator.

Client-side encryption (CSE) adds a second layer of protection. When enabled, data is encrypted in the user's browser, mobile app, or extensions, and only encrypted text reaches the server. By default, this mode is disabled, so users work without master passwords — this simplifies everyday use of the system.

How client-side encryption works

When client-side encryption is enabled, a chain of keys is created for:

  • Users
  • Vaults
  • Entries (passwords and labels)
  • Password links

The user sets a master password, from which a master key is derived via the PBKDF2 algorithm. This key decrypts the user's private RSA key, which in turn provides access to the vaults' master keys. Using the vault's master key, the system decrypts the entry's master key, and the entry's master key allows decrypting the password data.

Users can share a password within Passwork without adding another user to the vault. In this case, the entry's master key is decrypted directly with the recipient's private RSA key, without going through the vault's master key.

Main scenarios:

  • Through the vault: User's master password → User's master key → User's private RSA key → Vault's master key → Entry's master key → Password data;
  • Through the incoming section: User's master password → User's master key → User's private RSA key → Entry's master key → Password data.

It is important to note that all keys (RSA key pair, vault master key, entry master key) are generated on the client side (in the browser, mobile app, or extension) and are never transmitted to the server in plaintext, so the server cannot decrypt the data.

On the client, all password fields, additional fields, TOTP secrets, attachments, and all entry revisions are encrypted. At the same time, entry names, primary login, tags, URLs, and comments are not encrypted on the client because search is performed on these fields.

The scheme with separate keys for vaults and entries allows implementing a Zero Knowledge scheme and End-to-End encryption both for specific passwords and for shared vaults.

When to use client-side encryption

Enabling client-side encryption is recommended to ensure a Zero Knowledge model when Passwork is hosted in the cloud or when compliance with security standards (in your company or globally) is required. Client-side encryption is especially important when storing critically important data — root accounts, SSH keys, or seed phrases.

If Passwork is deployed in an isolated corporate network under full organizational control, server-side encryption is usually sufficient. In this case, the absence of master passwords simplifies user work.

Setup and access recovery

The user's master password is never transmitted to the server. Therefore, if a user forgets their master password, it cannot be recovered. Without the master password, the user will not be able to log in to the system or decrypt their data.

In such a case, the Passwork administrator can reset the user's master password, after which the user can set a new master password (and generate a new pair of RSA keys).

Because the new RSA key pair cannot decrypt vault keys that were encrypted to the old public key, vault or folder administrators must re-approve such a user in the vaults, after which all rights are restored automatically.

Working with groups

Client-side encryption is compatible with the group system and LDAP synchronization. When a user is added to a group, access requests are created for all related vaults. The vault administrator approves the request, and the vault's master key is securely transmitted via RSA encryption. This ensures a Zero Knowledge scheme while maintaining automation through groups.

Technical implementation

The system uses proven cryptographic algorithms: PBKDF2-SHA-256 for key derivation, AES-256-CFB for data encryption, RSA-2048 for secure transmission of vault keys. Client-side encryption is supported in all official Passwork clients — web interface, browser extensions, and mobile applications. For server integrations, a Python connector with the same encryption logic is available.
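The following is an added example (not Passwork's code and not its Python connector) that walks the key chain described in "How client-side encryption works" with the algorithms listed above: PBKDF2-SHA-256 derives the master key, AES-256-CFB protects the RSA private key, the entry key and the password data, and RSA-2048 (OAEP) wraps the vault and entry keys to the user's public key, which is also the approval step in "Working with groups". Both main scenarios (through the vault and through the incoming section) are implemented, and a wrong master password is shown to stop the chain at the first step. The iteration count, the `cryptography` library, the layout of the stored dictionary and the sample values are all assumptions of this example.

```python
"""Added illustration of a Passwork-style client-side key chain (not Passwork's code)."""
import os
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives.asymmetric import rsa, padding

PBKDF2_ITERATIONS = 600_000  # assumed value; the page does not state Passwork's count
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)


def derive_master_key(master_password: bytes, salt: bytes) -> bytes:
    """PBKDF2-SHA-256: master password -> 32-byte master key (AES-256 size)."""
    kdf = PBKDF2HMAC(algorithm=hashes.SHA256(), length=32, salt=salt, iterations=PBKDF2_ITERATIONS)
    return kdf.derive(master_password)


def cfb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """AES-256-CFB with a fresh IV prepended. CFB gives confidentiality only;
    a real deployment needs an integrity check on top (not shown here)."""
    iv = os.urandom(16)
    enc = Cipher(algorithms.AES(key), modes.CFB(iv)).encryptor()
    return iv + enc.update(plaintext) + enc.finalize()


def cfb_decrypt(key: bytes, blob: bytes) -> bytes:
    """Reverse of cfb_encrypt. A wrong key returns garbage, not an exception."""
    dec = Cipher(algorithms.AES(key), modes.CFB(blob[:16])).decryptor()
    return dec.update(blob[16:]) + dec.finalize()


def grant_vault_access(vault_key: bytes, member_pub_der: bytes) -> bytes:
    """What a vault administrator's client does on approval: wrap the vault master
    key to the member's RSA public key. The server only relays this ciphertext."""
    pub = serialization.load_der_public_key(member_pub_der)
    return pub.encrypt(vault_key, OAEP)


def enroll(master_password: bytes, password_data: bytes) -> dict:
    """Build the chain on the client for one user, one vault and one entry.
    The returned dict is everything the server would ever store."""
    salt = os.urandom(16)
    master_key = derive_master_key(master_password, salt)
    priv = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    priv_der = priv.private_bytes(serialization.Encoding.DER,
                                  serialization.PrivateFormat.PKCS8,
                                  serialization.NoEncryption())
    pub_der = priv.public_key().public_bytes(serialization.Encoding.DER,
                                             serialization.PublicFormat.SubjectPublicKeyInfo)
    vault_key, entry_key = os.urandom(32), os.urandom(32)
    return {
        "salt": salt,
        "pub_key": pub_der,
        "enc_priv_key": cfb_encrypt(master_key, priv_der),          # RSA key under master key
        "vault_key_for_user": grant_vault_access(vault_key, pub_der),  # granted on approval
        "entry_key_for_vault": cfb_encrypt(vault_key, entry_key),    # entry inside the vault
        "entry_key_for_user": priv.public_key().encrypt(entry_key, OAEP),  # "incoming" share
        "enc_password": cfb_encrypt(entry_key, password_data),
    }


def unlock_private_key(stored: dict, master_password: bytes):
    """master password -> master key -> private RSA key. A wrong master password
    yields bytes that do not parse as a key, so the chain fails at this step."""
    master_key = derive_master_key(master_password, stored["salt"])
    der = cfb_decrypt(master_key, stored["enc_priv_key"])
    return serialization.load_der_private_key(der, password=None)


def master_password_unlocks(stored: dict, master_password: bytes) -> bool:
    """True only for the master password used at enrolment; the server holds
    nothing that could recover it, so an administrator can reset but not restore."""
    try:
        unlock_private_key(stored, master_password)
        return True
    except ValueError:
        return False


def open_via_vault(stored: dict, master_password: bytes) -> bytes:
    """... -> vault master key -> entry master key -> password data."""
    priv = unlock_private_key(stored, master_password)
    vault_key = priv.decrypt(stored["vault_key_for_user"], OAEP)
    entry_key = cfb_decrypt(vault_key, stored["entry_key_for_vault"])
    return cfb_decrypt(entry_key, stored["enc_password"])


def open_via_incoming(stored: dict, master_password: bytes) -> bytes:
    """... -> entry master key -> password data, with no vault key involved."""
    priv = unlock_private_key(stored, master_password)
    entry_key = priv.decrypt(stored["entry_key_for_user"], OAEP)
    return cfb_decrypt(entry_key, stored["enc_password"])


if __name__ == "__main__":
    s = enroll(b"correct horse battery", b"root:S3cr3t!")  # constructed sample values
    print(open_via_vault(s, b"correct horse battery"), open_via_incoming(s, b"correct horse battery"))
    print("wrong master password unlocks:", master_password_unlocks(s, b"wrong"))
```

Note that nothing in the stored dictionary lets the server recover the password data: the only plaintext it holds is the salt and the public key, and every key in the chain is wrapped to something derived from the master password. Re-approval after a master password reset is the same `grant_vault_access` call made again with the user's new public key.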

Enabling client-side encryption