KeyMe Pass

KeyMe Pass

Download
Security2025-01-146 min

Why KeyMe Pass's WebDAV Backup is Secure Enough

Explore KeyMe Pass WebDAV backup's end-to-end encryption mechanism and understand how the server zero-trust architecture ensures your data security.

WebDAV Backup: The Perfect Combination of Security and Convenience

KeyMe Pass's WebDAV backup feature lets you safely sync data across multiple devices while maintaining the highest level of security. This article explains in depth why this feature is secure enough.

End-to-End Encryption (E2EE)

KeyMe Pass's WebDAV backup uses end-to-end encryption, which means:

  • Data is encrypted before it leaves your device
  • The server can only see encrypted data, with no access to any plaintext
  • Only your device holds the decryption key and can decrypt the data

Encryption Process

When you enable WebDAV backup:

  1. Data is encrypted on-device using the DEK (Data Encryption Key)
  2. Encrypted data is transmitted to the WebDAV server via HTTPS
  3. The server only stores encrypted data and cannot decrypt it
  4. Other devices download data and decrypt it using the same DEK

Server Zero-Trust Architecture

KeyMe Pass follows the server zero-trust design principle:

We assume the server is completely untrustworthy. Even if the server is compromised, attackers cannot obtain any of your plaintext data.

Why Can't the Server Decrypt?

  • DEK Not Stored on Server: The Data Encryption Key (DEK) is only stored on your device
  • KEK Derived from PIN: The Key Encryption Key (KEK) is derived from your PIN, which the server cannot obtain
  • Double Protection: Even if attackers obtain encrypted data, they cannot decrypt it without the DEK

Compatibility and Flexibility

KeyMe Pass's WebDAV backup supports multiple storage solutions:

  • KeyMe Pass Hosting: We provide professional WebDAV server
  • iCloud: Compatible with Apple's iCloud Drive
  • Nextcloud: Supports self-hosted Nextcloud servers
  • Other WebDAV Services: Compatible with any standard WebDAV server

Transmission Security

In addition to data encryption, KeyMe Pass ensures transmission security:

  • Forced HTTPS: All data transmission uses encrypted HTTPS connections
  • Certificate Verification: Validates server certificates to prevent man-in-the-middle attacks
  • Authentication Protection: Uses secure authentication mechanisms to protect access

Conclusion

KeyMe Pass's WebDAV backup feature ensures absolute security for your data during backup and sync through end-to-end encryption, server zero-trust architecture, and multiple security measures. You can safely use this feature to sync data across devices without worrying about data leakage risks.