Skip to main content

Account encryption key

The Bravura Safe account encryption key is derived from your master password and used to encrypt all of your safe data.

Rotate your Bravura Safe account encryption key

Rotating your account encryption key generates a new one used to re-encrypt all safe data. If you think someone has gained access to your encryption key, consider rotating it.

Warning

Read through the following carefully before performing this operation.

  1. Log in to Bravura Safe via the web interface.

  2. Click the profile menu (your initials/avatar) and select Account settings.

  3. Select Security from the ACCOUNT SETTINGS menu.

    The Master password tab is displayed.

  4. If desired, change your master password .

    Note

    If you only want to rotate your encryption key, enter your current master password in all password fields.

  5. Select the Also rotate my account's encryption key checkbox.

    A confirmation message appears.

    Warning

    Read the warning carefully.

    safe_web_rotate_encryption_key

  6. To proceed with encryption key rotation, click Yes.

    Note

    Clicking No unchecks the option.

  7. Click Change master password.

    You are logged out from your current session.

    safe_web_logged_out_note

After rotating, take these steps immediately to prevent data loss or corruption:

  1. Log out of all Bravura Safe applications

    • After rotation, immediately log out of ALL logged-in sessions of Bravura Safe applications. This will stop all sessions using the 'stale' encryption key.

    • Log back in as usual to use the new encryption key.

    Warning

    Making changes with a 'stale' encryption key causes data corruption, making your data unrecoverable.

  2. Replace any account data backup exports

    • If you have used encrypted exports to back up your Bravura Safe account data, replace the encrypted export immediately using the new encryption key. See Export a personal safe.

Warning

A rotated encryption key cannot decrypt an export created with the old key.

Change personal encryption key settings

  1. Log in to Bravura Safe via the web interface.

  2. Click on the profile menu (your initials) and select Account settings.

  3. Select Security from the ACCOUNT SETTINGS menu.

  4. Click the Keys tab.

    safe_web_ acctset_keys

    Tip

    KDF = Key Derivation Function

    Warning

    Before proceeding, read and heed the warnings provided on the page.

  5. From the KDF algorithm drop-down, select a different algorithm (where available).

  6. Enter the desired KDF iterations.

  7. Click Change KDF.

    You are prompted for your master password.

    safe_web_ acctset_keys_chgkdf

    Warning

    Read and heed the warnings provided on the page.

  8. Enter your Master password.

  9. Click Change KDF.

    You are logged out from all active sessions and must log back in.

    safe_web_ acctset_keys_chgkdf2
In this section: