Glossary of terms
Definitions of key terms used in the Passwork cryptography documentation.
Core entities
Vault
A vault is a container for storing records. Each vault has its own symmetric encryption key (vault key) that protects all records inside it. Vaults can be corporate (shared) or personal.
Record
A record is a unit of secret information storage. Each record contains a set of fields: name, login, password, URL, description, tags, custom fields, and attachments. A record is encrypted with its own record key.
The term "password" in the Passwork context can mean either the record itself or a specific field within the record. In this documentation, we use "record" to refer to the entity and "password field" to refer to the specific field.
Record field
A field is an individual data element within a record. Fields are divided into:
- Standard fields: name, login, password, URL, description, tags
- Custom fields: arbitrary name-value pairs added by the user
- TOTP secret: secret for generating one-time passwords (two-factor authentication)
Attachment
An attachment is a file attached to a record. Each attachment is encrypted with its own attachment key (AES-256-CBC), which in turn is protected by the record key.
Folder
A folder is a way to organize records within a vault. Folders do not have their own encryption keys; records in folders are encrypted with the vault key.
User and authentication
Master password
The master password is the user's secret password known only to them. It is used to derive the master key via the PBKDF2 algorithm. The master password is never transmitted to the server and is never stored in plaintext.
User master key
The user master key is a 512-bit cryptographic key derived from the master password using the PBKDF2 function (300,000 iterations, SHA-256). It is used for:
- Encrypting the user's private RSA key (AES-256-CBC)
- Verifying master password correctness (via SHA-256 hash)
Master key hash
The master key hash is a SHA-256 hash of the user's master key. It is sent to the server to verify the correctness of the entered master password. The server compares the received hash with the stored value.
Salt
Salt is a random 20-character string unique to each user. It is used in the PBKDF2 algorithm together with the master password to derive the master key. The salt is stored on the server and transmitted to the client during authentication.
User RSA keys
A pair of 2048-bit asymmetric RSA keys generated using the WebCrypto API:
- Public key — stored on the server in plaintext. Used for encrypting vault keys when granting access.
- Private key — stored on the server in encrypted form (encrypted with the master key, AES-256-CBC). Used for decrypting vault keys.
Encryption keys
Vault key
The vault key is a random 256-bit symmetric key generated when a vault is created. It is used to encrypt record keys inside the vault (AES-256-CBC). For each user with access to the vault, a copy of the vault key encrypted with their public RSA key (RSA-OAEP) is created.
Record key
The record key is a random 256-bit symmetric key generated individually for each record. It is used to encrypt record contents (password field, custom fields, TOTP) and attachment keys (AES-256-CBC). The record key is encrypted with the vault key. A unique initialization vector (IV) is automatically generated for each encryption operation.
Attachment key
The attachment key is a random 256-bit symmetric key generated for each file. It is used to encrypt the binary file contents (AES-256-CBC). The attachment key is encrypted with the record key.
Server encryption key
The server key is a 256-bit symmetric key stored on the server in a file. It is used for additional data encryption before saving to the database (AES-256-CFB via OpenSSL).
Tokens and sessions
Access Token
The Access Token is a 256-bit random token (44 Base64 characters) used for authenticating API requests. Default lifetime: ~2.8 hours (10,000 seconds).
Refresh Token
The Refresh Token is a 256-bit random token used to obtain a new Access Token without re-entering credentials. Default lifetime: 36 hours (129,600 seconds).
Local Storage Secret Code
The Local Storage Secret Code is a random token (~596 bits of entropy) generated by the server when a user is created. It is used to encrypt the master key when saving to the browser's localStorage ("Remember master password" feature). Encryption is performed via AES-256-CBC.
Encryption modes
Client-Side Encryption (CSE)
Client-side encryption is an operating mode where data is encrypted in the user's browser before being sent to the server. It implements the Zero-Knowledge principle: the server has no access to decrypted data. Uses AES-256-CBC.
Server-Side Encryption
Server-side encryption is an additional layer of protection where data is encrypted on the server before being written to the database. It is always active, regardless of client-side encryption settings. Uses AES-256-CFB via OpenSSL.
Zero-Knowledge
Zero-Knowledge is a principle where the server does not have enough information to decrypt user data. All cryptographic operations are performed on the client side.
End-to-End Encryption (E2E)
End-to-End Encryption is encryption where data is encrypted on the sender's device and decrypted only on the recipient's device. In Passwork, it is implemented through key exchange using RSA-OAEP.
Data sharing
Internal sharing
Internal sharing is granting access to a vault or record to another Passwork user. The key is encrypted with the recipient's public RSA key (RSA-OAEP via WebCrypto).
External link
An external link is a way to share a record with someone without a Passwork account. A copy of the record is created, encrypted with a special link key (AES-256-CBC). The link token is embedded in the URL.
Link token
The link token is a random 43-character string (~256 bits) used to identify the external link and access encrypted data.
Cryptographic algorithms
PBKDF2
PBKDF2 (Password-Based Key Derivation Function 2) is an algorithm for deriving a cryptographic key from a password. It uses a salt and a large number of iterations to protect against brute-force attacks.
Parameters in Passwork:
- Client: 300,000 iterations, SHA-256, 512 bits
- Server: 600,000 iterations, SHA-512, 512 bits
AES-256-CFB
AES-256-CFB is a 256-bit symmetric block cipher in CFB (Cipher Feedback) mode. Used for server-side data encryption via OpenSSL.
AES-256-CBC
AES-256-CBC is a 256-bit symmetric block cipher in CBC (Cipher Block Chaining) mode. Used for client-side encryption.
RSA-OAEP
RSA-OAEP is an asymmetric encryption algorithm with Optimal Asymmetric Encryption Padding. Passwork uses 2048-bit keys with SHA-256 hash function. Implemented via the WebCrypto API.
CryptoJS AES
CryptoJS AES is a library for AES encryption on the client. Uses CBC mode with PKCS#7 padding and a built-in key derivation function. Output is encoded in Base32.
Abbreviations
| Abbreviation | Meaning | Description |
|---|---|---|
| CSE | Client-Side Encryption | Encryption on the client |
| E2E | End-to-End Encryption | End-to-end encryption |
| PBKDF2 | Password-Based Key Derivation Function 2 | Password-based key derivation function |
| AES | Advanced Encryption Standard | Symmetric encryption algorithm |
| RSA | Rivest–Shamir–Adleman | Asymmetric encryption algorithm |
| OAEP | Optimal Asymmetric Encryption Padding | Padding scheme for RSA |
| CFB | Cipher Feedback | Cipher feedback mode |
| CBC | Cipher Block Chaining | Cipher block chaining mode |
| IV | Initialization Vector | Initialization vector |
| TOTP | Time-based One-Time Password | Time-based one-time password |
| TTL | Time To Live | Token lifetime |