Beyond Encryption use Advanced Encryption Standard (AES) symmetric block ciphers on all messages.
We use AES-256 (i.e. a key length of 256 bits); this is not configurable.
Multiple keys are used in each message encryption process and are generated on a per message basis.
For Mailock Enterprise, we (securely) provide a unique API-key, installed on the gateway appliance, which is the authentication token used by the gateway in all interactions with the core system (over TLS).
AES-256 encryption is the standard chosen by the US government to encrypt classified information, so we are confident in the security of the algorithm. Our implementation of the algorithm code is regularly reviewed by Nettitude, a Lloyds registered security testing organisation (https://www.nettitude.com/uk/).
The message encryption is only one factor to consider though; with Mailock the encrypted files are not made available to the recipient until they have proven that they are allowed to read the message. Compare this approach with systems where the encrypted files are included as attachments to the notification message and are immediately available for any cracking attempt.
Someone would need to be able to complete the following before Mailock releases the encrypted message files:
A user’s interaction with the website or API is encrypted with TLS over HTTP.