FAQ: How good is eWallet's encryption?


eWallet® uses the secure 256-bit Advanced Encryption Standard (AES) for encrypting information in your wallet. This is the same encryption method that many government organizations require to protect their data. On specific platforms, eWallet’s AES encryption is also FIPS (Federal Information Processing Standard) compliant:

FIPS Certification, Windows

eWallet versions 6, 7 and 8 (Windows Desktop and Windows Mobile) are FIPS compliant on the Microsoft Windows XP, Windows Vista, Windows 7, Windows 8, Windows 10, Windows Mobile 5.0 and Windows Mobile 6.0 platforms, where eWallet uses Microsoft cryptographic libraries that have received certificates and been validated as conforming to the Advanced Encryption Standard (AES) Algorithm, as specified in Federal Information Processing Standard Publication 197, Advanced Encryption Standard. Please see the Advanced Encryption Standard Algorithm Validation List for more information.

  • Product: Windows 10 (Desktop)
  • Vendor: Microsoft Corporation
  • Component: CryptoAPI
  • Validation Number: 3507
  • Notes: “The Microsoft Windows Cryptographic Primitives Library is a general purpose, software-based, cryptographic module which can be dynamically linked into applications by developers to permit the use of FIPS 140-2 Level 1 compliant cryptography.”

  • Product: Windows 8 (Desktop)
  • Vendor: Microsoft Corporation
  • Component: CryptoAPI
  • Validation Number: 2216
  • Notes: “The Microsoft Windows Cryptographic Primitives Library is a general purpose, software-based, cryptographic module which can be dynamically linked into applications by developers to permit the use of FIPS 140-2 Level 1 compliant cryptography.”

  • Product: Windows 7
  • Vendor: Microsoft Corporation
  • Component: CryptoAPI
  • Validation Number: 1178
  • Notes: “The Microsoft Windows Cryptographic Primitives Library is a general purpose, software-based, cryptographic module which can be dynamically linked into applications by developers to permit the use of FIPS 140-2 Level 1 compliant cryptography.”

FIPS Certification, Apple’s iOS, iPadOS and macOS

eWallet 8.3 for iOS and eWallet 8.3 for macOS are FIPS compliant on the iOS 10 and macOS 10.12 (Sierra) platforms respectively on compatible hardware, where eWallet uses Apple cryptographic libraries that have received certificates and been validated as conforming to the Advanced Encryption Standard (AES) Algorithm, as specified in Federal Information Processing Standard Publication 197, Advanced Encryption Standard. Please see the Advanced Encryption Standard Algorithm Validation List for more information and the full list of supported hardware and OS versions. Note that Apple’s older iOS and macOS platforms may be compliant as well.

  • Product: iOS
  • Vendor: Apple Inc.
  • Component: Apple iOS CoreCrypto Module (Generic)
  • Example Validation Number: 4269
  • Notes: “Cryptographic library offering various cryptographic mechanisms to Apple frameworks. The testing applies to user space and generic, non-optimized software.”

  • Product: macOS
  • Vendor: Apple Inc.
  • Component: Apple OSX CoreCrypto Module (Generic)
  • Example Validation Number: 4222
  • Notes: “Cryptographic library offering various cryptographic mechanisms to Apple frameworks. The testing applies to user space and generic, non-optimized software.”


The key used to encrypt your information is generated from your password. eWallet does not store your password in your wallet file, or anywhere on your mobile device or your Mac or PC. There is one possible exception: if the user chooses to use a convenience technology such as Apple’s Touch ID with eWallet, then the password could be stored in a secure area protected by the device’s secure enclave. There is also information in this article about storing cloud wallet (.cwlt) files on Dropbox, Google Drive, or Microsoft OneDrive.

There is certain meta-data (card and category names for example) that is not encrypted. This is because eWallet’s sync engine does NOT decrypt the data to synchronize it, and if there is any issue to report, it needs to reference the card or category by name. Note that all card fields are completely encrypted. And if you use Cloud Sync via Google Drive, Microsoft OneDrive, or Dropbox, then the cloud wallet is double-encrypted so not even meta-data is available. Sensitive meta-data should not be put in the card or category names, but rather directly in the card fields where it will be encrypted.

Platforms
  • Android
  • iPad
  • iPhone
  • macOS
  • Windows