Cloud Storage + End-to-end Encryption

Tresorit provides a novel approach to secure cloud storage by using end-to-end encryption. We believe you should never have to ‘trust’ a cloud service. With Tresorit you don’t need to.

  • End-to-end Encryption

    End-to-end encryption

    Using end-to-end encryption, Tresorit encrypts every file and relevant metadata on your devices with unique, randomly generated encryption keys. These keys are never sent to our servers in unencrypted format. Accessing files is only possible with a user’s unique private decryption key.

    Learn more
  • Cryptographic key sharing

    Cryptographic key sharing

    When working together, encryption keys that can decrypt shared files need to be shared between collaborators. Tresorit’s patented protocol ensures keys are shared automatically, without revealing them to anyone who has access to either the network or the servers managing the data.

    Learn more
  • Client-side integrity protection

    Client-side integrity protection

    Tresorit applies a Message Authentication Code (MAC) to each file, guaranteeing that the contents cannot be modified without your knowledge, even if somebody hacks our system.

    Learn more
  • Zero-knowledge authentication

    Zero-knowledge authentication

    Unlike other services, Tresorit never transmits or stores files, encryption keys and user passwords in unencrypted or unhashed form. Due to the strength of Tresorit’s end-to-end encryption and security, breaking this protection would take several human lifetimes. This is why we can never recover forgotten passwords, or hand over your data without your consent in case of a legal inquiry.

    Learn more
  • PKI for all devices

    PKI for all devices

    Tresorit uses Public Key Infrastructure (PKI) to authenticate each Tresorit user and their devices, without storing any information about their passwords. This enables more secure collaboration and device management.

    Learn more
  • Sharing with link

    Sharing with link

    Tresorit’s web-based sharing solution enables sharing files, folders, and tresors securely with anyone. Files sent via link have the very same end-to-end encryption and integrity protection as files synchronized with the Tresorit client. Password protection, download limit, and expiry date provide further protection for confidential documents. Recipients don’t need to have the Tresorit app installed on their device. Decryption happens in the browser.

    Learn more
  • Hardened TLS

    Hardened TLS

    TLS (the successor of SSL) channel protection can be hardened through the use of client certificates. This method provides public key-based security when you connect to Tresorit servers.

    Learn more
  • Non-convergent cryptography

    Non-convergent cryptography

    Only a few providers offer end-to-end encryption, but by using so-called convergent cryptography they sacrifice confidentiality to save storage space. Convergent algorithms enable them to determine when your content matches others’ content in the cloud, which can leak valuable data about you to outside observers.

    Learn more
  • Conventional protection

    Conventional protection

    The data centers used by Tresorit are audited for ISO27001:2005, SSAE 16 and several other certifications. These datacenters are located in Ireland and the Netherlands and they are constantly guarded to prevent unauthorized access and constructed to protect against environmental threats.

    Learn more