Every Docyt user gets a secure key (a 2048-bit RSA private key), which is generated for you when your account is created. This secure key is then encrypted with a special key that is generated by combining:
- User’s PIN: This is known only to the user.
- A split-knowledge, dual-control key: This is known to our servers and no one else. This special key is split into two components, each of which is stored in a different secured location and managed by a different Docyt employee. Any time our servers restart, both parts of this key must be manually entered by both employees – much like a nuclear launch panel. These two components are securely combined in memory when Docyt servers start and are not saved to disk. If the server loses power, this key is wiped from memory.
Storing secure keys this way ensures that not even Docyt employees can look into your private data. This is also why it is extremely important to protect your account PIN and never share it with anyone.
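The scheme described above, sketched as an added example (not Docyt's code): two custodian components are combined in memory into a server key, the PIN is mixed with it to derive a key-encryption key, and that key wraps the user's private key. The XOR split, the PBKDF2/HMAC derivation, the function names and the standard-library encrypt-then-MAC stand-in for an AEAD such as AES-GCM are all assumptions, since the page does not say how the pieces are combined.

```python
import hashlib
import hmac
import secrets

def split_key(master: bytes) -> tuple[bytes, bytes]:
    """Split a key into two XOR shares; one share alone reveals nothing."""
    share_a = secrets.token_bytes(len(master))
    share_b = bytes(m ^ a for m, a in zip(master, share_a))
    return share_a, share_b

def combine_shares(share_a: bytes, share_b: bytes) -> bytes:
    """Rebuild the server key in memory from both custodians' components."""
    if len(share_a) != len(share_b):
        raise ValueError("components must be the same length")
    return bytes(a ^ b for a, b in zip(share_a, share_b))

def derive_kek(pin: str, server_key: bytes, salt: bytes) -> bytes:
    """Stretch the PIN, then key the result with the server key (assumed scheme)."""
    stretched = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 200_000)
    return hmac.new(server_key, stretched, hashlib.sha256).digest()

def _subkey(kek: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys derived from the one KEK.
    return hmac.new(kek, label, hashlib.sha256).digest()

def wrap(kek: bytes, secret: bytes) -> bytes:
    """Encrypt-then-MAC stand-in for an AEAD such as AES-GCM (stdlib only)."""
    nonce = secrets.token_bytes(16)
    stream = hashlib.shake_256(_subkey(kek, b"enc") + nonce).digest(len(secret))
    ct = bytes(s ^ k for s, k in zip(secret, stream))
    tag = hmac.new(_subkey(kek, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap(kek: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong PIN or server key fails here."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(kek, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong PIN or server key")
    stream = hashlib.shake_256(_subkey(kek, b"enc") + nonce).digest(len(ct))
    return bytes(c ^ k for c, k in zip(ct, stream))
```

Unwrapping succeeds only when the correct PIN and both components are present; a database copy of the wrapped key plus one custodian's component is not enough to derive the key-encryption key.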