
Master key

What is the master key?

The idemeum desktop client handles sensitive information, including user credentials. To achieve the highest level of security and enable client-side encryption, you can generate a master key in the admin portal and supply that key to all idemeum desktop agents during installation. This way your credentials are encrypted with your own key, which is not known to the idemeum team. Even if the idemeum cloud is compromised, your credentials will never be exposed.

How to access the master key?

  • Navigate to your idemeum tenant and access the admin portal
  • Access Settings > Desktop agent
  • Scroll down to Master key
idemeum does not see your master key. It is generated in the browser on the client side and is encrypted with your mobile key. Therefore, the key is always visible to you and other admins in the portal, but no one from the idemeum team can decrypt your key.
  • Copy the master key and enter it into the idemeum desktop application during installation (if you are installing manually)
  • You can always come back to the admin portal and retrieve your key by clicking the View key button

Technical details

The master key is a 256-bit AES-GCM symmetric encryption key. AES-GCM is the Advanced Encryption Standard (AES) block cipher operated in Galois/Counter Mode (GCM).

The master key is a tenant-specific encryption key created by the tenant administrator in the admin web portal. On creation, each tenant administrator is assigned a copy of the master key that is encrypted by the administrator's private key, which resides in the idemeum mobile identity. As a result, the master key cannot be read by anyone in the cloud, including idemeum, adhering to zero-knowledge cloud principles. This means that even if someone hacks into the idemeum cloud, they will not be able to decrypt the master key, as there is no decryption key in the cloud.

The master key can be accessed by the tenant administrator in the web portal and on the tenant's workstations/desktops to securely manage user credentials. On the workstation, the master key is persisted in the registry and remains within the tenant infrastructure.

The master key is used in multiple use cases, including but not limited to user authentication, capturing the domain password, and auto-filling credentials.
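The credential encryption that the master key enables, as an added example that is not idemeum's code: a 256-bit AES-GCM key drawn from a CSPRNG, a credential sealed under it with a fresh random nonce, and decryption that fails closed on a wrong key or a modified blob. The function names, the nonce || ciphertext || tag layout and the sample credential are constructed for illustration; the page does not describe the desktop agent's actual storage format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// NewMasterKey draws a fresh 256-bit AES-GCM key from the OS CSPRNG.
func NewMasterKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := rand.Read(key)
	return key, err
}
func newGCM(masterKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(masterKey) // rejects keys other than 16/24/32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// SealCredential returns nonce || ciphertext || tag; a random 12-byte nonce per
// call means the same password never encrypts to the same blob twice.
func SealCredential(masterKey, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(masterKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}
// OpenCredential reverses SealCredential. GCM authenticates the blob, so a
// wrong key or a single flipped byte yields an error, never garbage plaintext.
func OpenCredential(masterKey, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(masterKey)
	if err != nil || len(sealed) < gcm.NonceSize() {
		return nil, fmt.Errorf("bad key or truncated blob: %v", err)
	}
	n := gcm.NonceSize()
	return gcm.Open(nil, sealed[:n], sealed[n:], nil)
}
func main() { // constructed sample credential, not real data
	key, _ := NewMasterKey()
	blob, _ := SealCredential(key, []byte("P@ssw0rd-sample"))
	fmt.Println(OpenCredential(key, blob))
}
```

Because the key never leaves the tenant, the sealed blob is all the cloud (or anyone reading it) could ever hold; without the 32-byte key it is indistinguishable from random bytes.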
