Security Architecture

Trustity is built on a "Zero-Trust, Zero-Knowledge" philosophy. We believe that we should not be able to see your data even if we wanted to.

Zero-Knowledge Vault

Files uploaded to Trustity Vault are encrypted locally on your device using AES-256-GCM before they ever touch our network.

Key Fragmentation (Shamir's Secret Sharing)

The encryption key is split into 3 parts. Trustity only holds encrypted fragments. To reconstruct the key and decrypt the file, the user must provide their local secret or PIN.

Agent Security

Our agents (GenGuard & Rotator) communicate via outbound TLS 1.3 connections only. No inbound ports are required on your firewall.

  • Mutual Auth: Agents authenticate via unique License Keys.
  • Least Privilege: Agents run with minimal required permissions.
  • Code Signing: All binaries are signed to prevent tampering.