Security & Encryption

Paw uses high security encryption standards: AES-256 CBC, PBKDF2 key derivation and HMAC SHA-256 signatures. Our goal is to build the safest testing HTTP client.

Keychain Integration

Paw seamlessly integrates with your Mac's Keychain and lets you pick passwords and SSL Client Certificates from it. The data taken from the Keychain is never persisted by Paw.

End-to-end encryption

We wanted to make something that works by default for every user, regardless of their level of interest in securing their credentials and knowledge about encryption. In Paw, password fields are by default secured, and users can manually make any input encrypted.

When syncing projects with Paw for Teams, your credentials stay safe and are encrypted before being synced in the cloud. The encryption key is randomly generated by Paw locally and is never shared with us, keep it safe as if you loose it we won't be able to help you recover them.

  • Encryption done right.

    Paw follows the already proven RNCryptor v3 spec, which derivates 256 bits keys from your master passphrase with PBKDF2, encrypts with AES, using unique Initialization Vectors for CBC and applies a HMAC SHA-256 signature to the final cipher text.
  • Secure Interface.

    Requests are only sent to the servers you specify in the URL field and SSL certificates are validated. By default, any sensitive piece of information is obfuscated on screen and is not copied to the clipboard.
  • Your master keys are safe.

    Paw randomizes master passphrases for you, and stores them in your Mac's Keychain, which is protected like any other secure data on Mac. You may have multiple encryption keys to be used for distinct documents.
  • Everywhere safe.

    While your passwords and private keys are kept secure, we also encrypt your history of HTTP exchanges (request/response pairs) as well as the cookies stored by Paw.

All the details about encryption

We know how easy it is to make a fatal mistake when designing an encryption process, and obscurity is not an option when it comes down to keeping your data safe. So, we have detailed precisely how our mechanism works:

  • The master passphrase is stored in the OS X Keychain, such as no other application can access it without an explicit grant from the user
  • Encryption uses AES-256 (technically AES with a 256 bits key) and CBC
  • Keys are derivated using PBKDF2 with 100k iterations (we raised RNCryptor's standard from 10k to 100k)
  • New salts and initialization vectors (IV) are generated for each secure entry
  • Cryptographically secure pseudo-random numbers are taken from /dev/random
  • When typing, on each update (key stroke) a new IV is randomized while the key derivation salts are reused
  • To keep the performance high, the derivated keys are cached in-memory
  • To prevent attackers from sniffing the Paw's memory, we deter attachment of debuggers
  • OS X encrypts memory when swapping to disk, which eliminates the risk of leaving plain text data on disk (see OS X Secure Virtual Memory)

Or, in pseudo-code:

def Encrypt(Passphrase, Plaintext):
  EncryptSalt = Random(8 length)
  EncryptKey = PBKDF2(EncryptSalt, 32 length, 100k iterations, SHA-1, Passphrase)

  HMACSalt = Random(8 length)
  HMACKey = PBKDF2(HMACSalt, 32 length, 100k iterations, SHA-1, Passphrase)

  IV = Random(16 length)

  Header = 0x03 || 0x01 || EncryptSalt || HMACSalt || IV
  Ciphertext = AES256(Plaintext, ModeCBC, IV, EncryptKey)
  HMAC = HMAC(Header || Ciphertext, HMACKey, SHA-256)
  Message = Header || Ciphertext || HMAC
  return Message