Help Center

ShieldFive Help

Need help? Contact support

Encryption, keys, and security

ShieldFive uses military-grade encryption to protect your files. Unwrapped encryption keys are handled in your browser, while wrapped key material can be stored for sync and recovery workflows.

How are encryption keys created?

Your browser generates a random 256-bit vault key. If you set a passphrase, it wraps the vault key using PBKDF2-SHA256. Each file also gets its own random encryption key, wrapped by your vault key (and by the share passphrase when you create a share link).

What encryption algorithm does ShieldFive use?

ShieldFive uses AES-256-GCM, an authenticated encryption mode trusted by security experts worldwide. Files are encrypted in chunks for large uploads; the chunk size is stored with each file so it can be decrypted safely.

How does ShieldFive verify my encrypted files?

Each upload part includes a checksum verified by storage, and ShieldFive verifies the final stored size before marking an upload complete. If ciphertext is corrupted or tampered with, AES-256-GCM authentication causes decryption to fail on the client.

Is my encrypted data protected from tampering?

Yes. AES-256-GCM provides authenticated encryption, so any modification causes decryption to fail. This protects you from corrupted or maliciously modified files.

How are filenames and folder names encrypted?

File and folder names are encrypted in your browser using your vault master key before being sent to ShieldFive's servers. This means:

  • ShieldFive never sees your actual file or folder names
  • Names are encrypted with the same strong encryption as file contents

  • You can search your files by name when your vault key is active in your browser

The server stores only encrypted names that look like random data.

Where is my vault key stored?

Your unwrapped vault master key stays in memory while you use ShieldFive. Wrapped key material can be stored with your account so you can unlock across sessions.

  • Unwrapped key stays in memory on your device
  • Wrapped key material may be stored server-side
  • Cleared from memory when you close the tab or sign out

You'll be prompted to re-enter your vault password when needed.

What are passphrase hints and are they secure?

When sharing files, you can optionally add a passphrase hint to help recipients remember the correct passphrase. Hints are encrypted in your browser before being stored, so they're only visible to people who successfully decrypt the shared file. Never put the actual passphrase in the hint.

Can encryption keys be changed or updated?

For security, ShieldFive's encryption system uses industry best practices including key rotation capabilities. Your individual file encryption keys remain permanent (tied to your passphrase), but the system's infrastructure keys are regularly updated to maintain the highest security standards.