How encrypts your data

protects your content at several levels. When you edit your content in, your data is encrypted in transit. Once your work is done, encrypts your data at rest. The encryption is compliant with NIST 800-57, which provides guidelines on cryptographic key management.

    Encryption in transit

    Access to resources by end users is encrypted in transit with HTTPS transport layer security (TLS). We support TLS 1.3 and TLS 1.2 with strong cipher suites to protect from man-in-the-middle attacks. Support for older protocols and cipher suites is disabled due to known security vulnerabilities.

    All ciphers support perfect forward secrecy to ensure that even intercepted traffic cannot be decrypted in the future.
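One way to audit a TLS configuration against the policy described above (TLS 1.2 and TLS 1.3 only, every suite forward secret), as an added example that is not the vendor's code or cipher list. The cipher string, function names and sample entries are assumptions constructed for illustration.

```python
import ssl

ALLOWED_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}
EPHEMERAL_PREFIXES = ("ECDHE-", "DHE-")  # OpenSSL names for ephemeral key exchange


def violations(ciphers):
    """Return (name, reason) for every suite that breaks the stated policy.

    `ciphers` is a list of dicts shaped like ssl.SSLContext.get_ciphers() output,
    where "protocol" is the TLS/SSL version that introduced the suite.
    """
    found = []
    for c in ciphers:
        name, proto = c["name"], c["protocol"]
        if proto not in ALLOWED_PROTOCOLS:
            found.append((name, f"suite predates TLS 1.2 ({proto})"))
        elif proto == "TLSv1.2" and not name.startswith(EPHEMERAL_PREFIXES):
            # Static RSA/DH key exchange: a later key compromise exposes
            # recorded sessions, so there is no forward secrecy.
            found.append((name, "no forward secrecy"))
        # TLS 1.3 suites name no key exchange; full handshakes use (EC)DHE.
    return found


def hardened_context():
    """Client context limited to TLS 1.2+ with ECDHE AEAD suites (assumed string)."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


# Constructed sample: two compliant suites and two that the policy rejects.
SAMPLE = [
    {"name": "TLS_AES_256_GCM_SHA384", "protocol": "TLSv1.3"},
    {"name": "ECDHE-RSA-AES128-GCM-SHA256", "protocol": "TLSv1.2"},
    {"name": "AES256-GCM-SHA384", "protocol": "TLSv1.2"},
    {"name": "DES-CBC3-SHA", "protocol": "SSLv3"},
]

if __name__ == "__main__":
    for name, reason in violations(SAMPLE):
        print(f"REJECT {name}: {reason}")
    print("hardened context violations:", violations(hardened_context().get_ciphers()))
```

The same `violations` check can be run in CI over the suite list of any context the application builds, so a configuration change that reintroduces a static-RSA or pre-TLS 1.2 suite fails the build.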

    List of supported ciphers:

    Encryption at rest

    The infrastructure runs on Microsoft Azure. Whenever you add or change content in, it's stored in a Microsoft Azure data center. Your data is safely encrypted at rest using the industry-standard AES 256 cipher. This way we protect the confidentiality of your data stored on physical disks in any digital format.

    This is also a requirement for all providers that store customer data in any form.

    Other uses of encryption

    We also use encryption to ensure the integrity of data, that is, to ensure that the data hasn't been modified since its creation.

    For example, for the signatures of API keys used by APIs, we use the RSA signature and HMAC with the SHA-256 hash function (HMAC-SHA-256). This way we can ensure that the API keys were issued by or Auth0 as an identity provider.

    To generate cryptographically strong random values, we use the .NET Random Number Generator.

    For sensitive operations and applying cryptographic protection in general, we use the HMAC-SHA-256 or SHA-256 algorithms.
