Security: Encryption Used
Firezone employs a few different security controls to keep data secure in transit and at rest. The table below lists the cryptography used and the context in which each applies.
| Cryptography | Context | Notes |
|---|---|---|
| AES-256-GCM | Data at rest | Used to encrypt sensitive data that needs to be persisted, such as authentication tokens. |
| TLSv1.2/TLSv1.3 | Data in transit | Used to encrypt connections to the admin portal and control plane API. |
| ChaCha20, Poly1305, Curve25519, BLAKE2s, SipHash24, HKDF | Data in transit | Used by WireGuard® for VPN tunnels. Read more at https://wireguard.com/protocol. Firezone uses a fork of the boringtun WireGuard implementation that has been further hardened and optimized by the Firezone team. |
| SHA-256 | Data at rest | Used to store hashed+salted randomly-generated authentication tokens. |