How It Works

Non-Geek Version

jkPassword encrypts and decrypts your passwords (and information) in the web browser on your iPhone. This means that your passwords are never sent to us in the clear. They are encrypted using the Advanced Encryption Standard, which is currently used by the United States to keep classified information secure. The only password information that is sent to us in clear form is your categories and the number of passwords in each category. Because encryption and decryption happen in the browser itself, your data is only in the clear *on* your device, when you decrypt it. As an added precaution, all communications between your web browser (iPhone) and jkPassword are encrypted using the standard web encryption that sites use to protect personal information such as bank accounts and credit cards (see the lock in the address field).

Geek Version

jkPassword uses 256-bit AES to encrypt/decrypt your passwords in JavaScript on the iPhone. AES is used in counter mode to ensure that your text is encrypted securely: the exact same piece of text encrypted many times does not produce the same output each time. jkPassword also uses SHA2 to hash your encryption key, making it more secure. Once your passwords are encrypted, they are Base64 encoded and sent to our server via AJAX for storage. The only information our database has is a key to uniquely identify the password and the encrypted, Base64-encoded text for each password. The password categories are sent to the server in plaintext; this makes it easier to have separate encryption passwords for each category. On top of all that, all communications occur over 128-bit SSL, just to make sure. If you have any concerns about our methodology, please contact us.
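
The flow described above, sketched with the browser Web Crypto API as an added example; it is not jkPassword's own code. The choice of SHA-256 as the SHA2 variant, the random 8-byte nonce stored ahead of the ciphertext, and the function names are assumptions.

```javascript
// Added example: passphrase -> SHA-256 -> AES-256-CTR -> Base64.
// Assumed, not from the page: SHA-256, the nonce layout, all function names.
// Browsers and current Node expose globalThis.crypto; older Node needs the fallback.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const NONCE_LEN = 8; // upper half of the 16-byte counter block

// Hash the passphrase to a 32-byte value and import it as a 256-bit AES key.
async function deriveKey(passphrase) {
  const digest = await webcrypto.subtle.digest(
    "SHA-256", new TextEncoder().encode(passphrase));
  return webcrypto.subtle.importKey(
    "raw", digest, { name: "AES-CTR" }, false, ["encrypt", "decrypt"]);
}

// Counter block = nonce || 64-bit counter starting at zero.
function counterBlock(nonce) {
  const block = new Uint8Array(16);
  block.set(nonce, 0);
  return block;
}

// Returns the Base64 string that would be sent to the server for storage.
async function encryptEntry(passphrase, plaintext) {
  const key = await deriveKey(passphrase);
  // A fresh random nonce per entry is what makes equal plaintexts encrypt differently.
  const nonce = webcrypto.getRandomValues(new Uint8Array(NONCE_LEN));
  const ct = new Uint8Array(await webcrypto.subtle.encrypt(
    { name: "AES-CTR", counter: counterBlock(nonce), length: 64 },
    key, new TextEncoder().encode(plaintext)));
  const out = new Uint8Array(NONCE_LEN + ct.length);
  out.set(nonce, 0);
  out.set(ct, NONCE_LEN);
  return btoa(String.fromCharCode(...out));
}

// Reverses encryptEntry: Base64 decode, split off the nonce, decrypt.
async function decryptEntry(passphrase, b64) {
  const raw = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  if (raw.length < NONCE_LEN) throw new Error("stored value too short");
  const key = await deriveKey(passphrase);
  const pt = await webcrypto.subtle.decrypt(
    { name: "AES-CTR", counter: counterBlock(raw.subarray(0, NONCE_LEN)), length: 64 },
    key, raw.subarray(NONCE_LEN));
  return new TextDecoder().decode(pt);
}
```

Counter mode carries no integrity check, so decryptEntry with the wrong passphrase returns garbled text instead of failing.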
Copyright 2007, jkWare Inc