Security

Everything you need to know!

Are you secure?

There is a short and a long answer, short YES. On the other side continue reading.
We will explain how the service works, how we encrypt and decrypt your secrets and how we keep it safe.

How about the encryption?

We are storing very sensitive information from you and we keep it as safe as possible.
Every exchange credential is RSA PKCS1 OAEP with SHA512 encrypted.
The key was generated in a secure location with a true random hardware number generator (TRNG) and will never leave that device. Different technologies are used to make sure that the location will never be unveiled and is strictly monitored.

Why Google as login?

Creating and implementing your own authentication method is always prone to erros and we do not like to have errors with it (safety first). The Google login, or rather Oauth2 protocol is proven to be secure and easy to implement.
We will implement other provider in the future, but we had to start somewhere and Google is a wildly accepted.

Can I encrypt my own keys?

We want to be as transparent as possible and want to allow you to encrypt your secrets on your own computer.
This means that the credentials will never be transmitted unencrypted over the internet.

Public Key:
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAkYVtN8avbzVYar1zwQkC
VbHgdCz11SEz88Qix4J3s/pavnQnObIIxfynYwrk1Zp0eUfAfoPqwO6EaAS2ijo8
/qrivQiOrEGc7fvM+h7k0xrIelu8hiGEr74Tj5uSVikLVCrDp9ztJXv3Kmc955b6
eLi08eM9xVvphoFqyCOX9d22d2hQV0CfRilvAO/CU2+aqapcGft2M740HZjbluEZ
B1Z5zKsDwccRtbL//ECBZkl+jK13YsyarYE20AJt4irSNSJb/JLXmP48xpYls95B
gPK1n04rttFh8WHOQA0Ep0p7CEZG6SRGiI6AKNOvuz8mLZmx24F0lxmDYkjaeVM6
SyUnqoNKnT5/mnXaAxn3+DtZADrC+BX89EmCK8YkYikKWvZ26ohG1jg/mGTKalo5
oOrPmbDu6Q+RCsfDktPOYaPjBO/cO48NCrnevaNnQXcUcPqgXsLVvfhZWj944bVR
RwtaqjYyw5ay7XIxYmFDKXX8UKxcWSFTbBtgmcV+rYE7GjepAQOgDk/wCjvDQZ64
DV40sdg9d2hNmXkb2/SbxiZLjJH8f1obmJMLLaoE0YaN2vrQJWFV2uIz5YPwxHeU
yqAfJwoV4QWHv8d6VgayQY+eWEGQirLTQEBuXpVlH++Sua/2+4K5WdhMDgKmbW0A
M+EcAGPQWXgg6SgRfNtmRrsCAwEAAQ==
-----END PUBLIC KEY-----

SHA512 Fingerprint:

3c9ed26c7adb9f80d35ecd373bb6cad486cce1a41c98388ebb6c7eb0ecd3387cfbec0432d94184bfd4966737b408d993f55292c59d86a393fd9863f650e116aa

Learn how to encrypt your credentials.

Whitelist IP address

When we access the exchanges we are using ip 94.130.149.248 to access them. You should whitelist us and make sure that the api keys will only be used from that ip address.
Please note that this ip address can change without further notice (we try not to).