Every REDDCRYPT user generates a key pair when first using REDDCRYPT. This RSA key pair consists of a private and a public key and is generated from the combination of the user’s email address and a chosen password.
The generation of the key pair takes place locally on your device.
A password key and password hash are created by key derivation from the user’s password.
The password key is used to encrypt the private key. This ensures that the private key can only be used after the password is entered.
The password hash is necessary to authenticate the user in the REDDCRYPT app. We use a hash value so that the actual password of the user is never transferred. Furthermore, a hash value is much more secure as it has higher entropy – more randomness – compared to passwords in plain text.
The private key, encrypted by the password key, is transferred to the REDDCRYPT servers together with the public key.
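The split described above, into a password key that stays on the device and a password hash that is sent for authentication, can be sketched as follows. This is an added example, not REDDCRYPT's code: PBKDF2-HMAC-SHA256, the iteration count, the email-derived salt, the labels and the server-side functions are all assumptions chosen for illustration.

```python
import hashlib
import hmac

ITERATIONS = 600_000  # assumed work factor, not a REDDCRYPT parameter


def derive_secrets(email: str, password: str, iterations: int = ITERATIONS):
    """Return (password_key, password_hash), both derived locally."""
    # Assumption: the normalised email address serves as a per-user salt.
    salt = hashlib.sha256(email.strip().lower().encode("utf-8")).digest()
    # Slow, salted derivation of one master secret from the password.
    master = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    )
    # Domain separation: distinct labels yield two unrelated 32-byte values,
    # so knowing the authentication value does not reveal the encryption key.
    password_key = hmac.new(
        master, b"example/private-key-encryption", hashlib.sha256
    ).digest()
    password_hash = hmac.new(
        master, b"example/authentication", hashlib.sha256
    ).digest()
    return password_key, password_hash


def server_enroll(password_hash: bytes) -> bytes:
    """Hypothetical server side: store only a digest of the received value."""
    return hashlib.sha256(password_hash).digest()


def server_verify(stored: bytes, presented_hash: bytes) -> bool:
    """Compare a login attempt with the stored record in constant time."""
    candidate = hashlib.sha256(presented_hash).digest()
    return hmac.compare_digest(stored, candidate)


if __name__ == "__main__":
    # Constructed sample credentials.
    key, auth = derive_secrets("alice@example.com", "correct horse battery")
    record = server_enroll(auth)
    print("login accepted:", server_verify(record, auth))
    print("password key rejected as login value:",
          not server_verify(record, key))
```

Only `password_hash` would leave the device in this sketch; `password_key` is used locally to encrypt the private key before upload.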