Key Encryption

The technical details of how MoniPay secures your private keys.

MoniPay uses industry-standard cryptographic algorithms to ensure that your private key remains private, even if your device is lost or stolen.

Encryption Algorithm

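We use AES-256-GCM: the Advanced Encryption Standard with a 256-bit key, in Galois/Counter Mode. This is a high-performance, authenticated encryption standard used by governments and financial institutions worldwide. "Authenticated" means that decryption also detects any modification of the stored ciphertext.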

Key Derivation

Your 6-digit PIN is not used directly as an encryption key. Instead, we use PBKDF2 (Password-Based Key Derivation Function 2) to derive a strong 256-bit key from your PIN. This process makes "brute-force" attacks (trying every possible PIN) computationally expensive and slow.

The Encryption Process

  1. Generation: A random 256-bit private key is generated on-device.
  2. Derivation: Your PIN is put through PBKDF2 to create an encryption key.
  3. Encryption: The private key is encrypted using AES-256-GCM.
  4. Storage: The resulting "encrypted blob" is stored in your device's local storage.

Cloud Backup Security

When you enable Cloud Backup, the encrypted blob is uploaded to your Google Drive. Because it's already encrypted with your PIN-derived key, Google cannot read your private key.

A 6-digit PIN is convenient but can be guessed if it's simple (like 123456 or your birth year). We strongly recommend using a unique, non-obvious PIN.