Mathematical Security
Trustity does not store your files' encryption keys in a single location. Instead, we use Shamir's Secret Sharing (SSS) to split the AES-256 master key into 3 distinct fragments ("shares").
The 3-Key Architecture
- Share 1 (User): Stored locally on your device or encrypted with your PIN. Trustity never sees this raw share.
- Share 2 (Cloud A): Stored in our primary operational database (Metadata).
- Share 3 (Cloud B): Stored in an air-gapped backup vault (Cold Storage).
To decrypt a file, the system requires at least 2 out of 3 shares. Since Trustity only holds Share 2 and Share 3 in separate environments, and Share 1 is never transmitted to us, we cannot decrypt your data even under subpoena.
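The 2-of-3 split and recovery described above, as an added example that is not Trustity's code: it splits a 256-bit key into three Shamir shares and lists which pairs of shares rebuild it. The prime modulus, the function names and the holder labels `user`, `cloud_a` and `cloud_b` are assumptions made for illustration.

```python
import secrets
from itertools import combinations

PRIME = 2**521 - 1  # Mersenne prime, larger than any 256-bit key (assumed field)
HOLDERS = ("user", "cloud_a", "cloud_b")  # hypothetical labels for Shares 1-3

def split(key: bytes, threshold: int = 2) -> dict:
    """Return {holder: (x, y)}: points on a random degree-(threshold-1) polynomial."""
    coeffs = [int.from_bytes(key, "big")]            # constant term is the key
    coeffs += [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    shares = {}
    for x, holder in enumerate(HOLDERS, start=1):
        y = 0
        for c in reversed(coeffs):                   # Horner evaluation mod PRIME
            y = (y * x + c) % PRIME
        shares[holder] = (x, y)
    return shares

def recover(points, threshold: int = 2, key_len: int = 32) -> bytes:
    """Lagrange-interpolate at x = 0 to get the key back."""
    points = list(dict(points).items())              # drop duplicate x values
    # One point fits a line through any constant term, so it fixes nothing.
    if len(points) < threshold:
        raise ValueError("not enough shares to reconstruct the key")
    secret = 0
    for xi, yi in points:
        num = den = 1
        for xj, _ in points:
            if xj != xi:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret.to_bytes(key_len, "big")

def pairs_that_recover(key: bytes) -> list:
    """List every pair of holders whose two shares rebuild `key`."""
    shares = split(key)
    return [pair for pair in combinations(HOLDERS, 2)
            if recover([shares[h] for h in pair]) == key]

if __name__ == "__main__":
    key = secrets.token_bytes(32)                    # constructed sample AES-256 key
    print(pairs_that_recover(key))
```

The threshold property is symmetric: each of the three possible pairs of holders recovers the key, and no single share does.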