Security Architecture
Trustity is built on a "Zero-Trust, Zero-Knowledge" philosophy. We designed the platform so that we cannot see your data, even if we wanted to.
[Architecture diagram: Endpoint -> TAO Agent -> Trustity Cloud -> Zero-Knowledge Vault]
Zero-Knowledge Vault
Files uploaded to Trustity Vault are encrypted locally on your device using AES-256-GCM before they ever touch our network. We store the encrypted blob, but we never hold the key.
Key Fragmentation (Shamir's Secret Sharing)
To prevent a single point of failure, the encryption key is mathematically split into 3 fragments using Shamir's Secret Sharing. Trustity servers hold only encrypted shards. To reconstruct the file, the user must provide their local secret or PIN, which acts as the final piece of the puzzle.
Agent Security
Our agents (GenGuard & Rotator) are designed to be invisible to attackers but resilient against tampering. They communicate via outbound-only connections.
Every agent is issued a unique certificate, and authentication is mutual: the server verifies the agent, and the agent verifies the server.
All binaries and updates are cryptographically signed to prevent supply-chain attacks.
You don't need to open inbound port 443 on your firewall; the connection is strictly outbound.