Please follow this link to start a security assessment of Termius for your company.
Termius offers two types of authentication: username/password and single sign-on (SSO). After a successful authentication via SSO, the app also requires the master password to access personal and team vaults.
The app uses a modified SRP6a protocol to communicate with the server without sending the password or password hash over the network. The following diagram illustrates the authentication process:
To complete authentication, the client and the Termius cloud must prove that each party has the same key:
- The cloud sends the client a random piece of data, a salt to be used by the Argon2id password hash algorithm and User Identifier.
- The client sends the cloud a random piece of data and a client proof.
- The cloud sends the client a server proof, an encrypted API Key, and a salt.
- The client validates the server proof and decrypts the API Key.
Termius uses a hybrid approach for the encryption of Personal Vault. The key steps of the encryption algorithm are below:
- Termius generates a random key pair during account creation
- Using the key pair, the app generates the user's personal encryption key.
- The personal encryption key is used to encrypt all the user data like hosts, groups, keys, etc.
- The private key is encrypted using the user's master password.
- The app syncs the encrypted key via Termius Cloud to other devices.
The critical thing is that the master password never gets sent to the Termius Cloud. Hence all the data in the Personal Vault could not be read by anyone without the master password.
If you lose your master password, then it is not possible to recover the data.
For a team vault, Termius also uses the hybrid approach for encryption.
On the Team Member's Side
- When a team member joins Termius, the app generates a key pair. It is used for their Personal Vault; see above.
- Personal Vault public keys from each team member are shared with the team owner.
On the Team Owner's Side
- When a team owner starts a team, the app generates a separate encryption key for each shared vault.
- For each team member, the app encrypts the key for all shared vaults using the public keys of the team member. The app utilizes the team owner's private key for creating MAC.
- The app syncs the encrypted key for a shared vault with Termius Cloud.
On the Team Member's Side
- Termius sync encrypted keys for all shared vaults.
- The app decrypts the keys for shared vaults with the private key for their Personal Vault and uses the team owner's public key to verify the MAC.
Termius uses the 1.0.17 version of Libsodium and custom C++ binding for iOS, Android, and Desktop applications. Termius uses the following APIs in Libsodium:
- For public-key encryption: crypto_box_keypair, crypto_box_easy and crypto_box_open_easy – it uses X25519 key exchange, XSalsa20 stream cipher, and Poly1305 MAC.
- For secret key encryption: crypto_secretbox_keygen, crypto_secretbox_easy, crypto_secretbox_open_easy – it uses XSalsa20 stream cipher and Poly1305 MAC.
- For password hashing: crypto_pwhash with options:
MEMLIMIT_INTERACTIVE, and ARGON2ID13.
- For generating a nonce: randombytes_buf.
Termius uses SRP implementation from Botan and GRPC over TLS as a transport for SRP protocol. Termius uses the 2.14.0 version of Botan and custom C++ binding for iOS, Android, and Desktop applications.
The encryption key and key pair are stored on devices, namely in:
- iOS: Keychain.
- Android: shared preferences, encrypted by a key stored in Android Keystore.
- Desktop: Electron IndexedDB encrypted by a key stored in OS Keychain when Keychain is available and in localStorage as a fallback.
Please, email us at firstname.lastname@example.org, if you have any security concerns.