This section describes in detail just what AxCrypt is, what it does, and how it does it. It is mostly for technical experts, who have a good grasp on software development as well as cryptography. Information here is intended to be complete enough to build AxCrypt-compatible software for example.
AxCrypt Version 2 Algorithms and File Format (PDF)AxCrypt Version 2 Algorithms and File Format
AxCrypt Version 1 Algorithms and File Format (PDF)AxCrypt Version 1 Algorithms and File Format
The complete source code for the core libraries and the Windows client used to be in a mercurial repository in Bitbucket. But as of summer 2020 Bitbucket discontinued their mercurial support and we’re actively working on finding an alternative solution to make the source code easily available. For now, please contact firstname.lastname@example.org and we will supply the source code.
What is stored on the server?
When an account is created, we store some basic information.
The email address of the account.
The sign in status, number of failed sign in attempts, last time of sign in etc.
The payment status.
A RSA-4096 public key that is available for others to download in order to perform file key sharing.
One or more RSA-4096 private keys, encrypted using AxCrypt and the sign in password, so we can keep it synchronized across devices, and as a backup should a device be lost or destroyed.
If the password manager is used, we also store an AES-256 XML-encrypted file with the password records, encrypted with the sign in password.