Station70 FAQs
This article outlines Frequently Asked Questions.
- For the 3 levels of encryption (KMS, HSM, and customer quorum m/n), what are the specific encryption algorithms used at each layer?
  - Encrypted backup received from Fireblocks: RSA PKCS#1 OAEP. This is the Fireblocks-specified ciphersuite.
  - Cloud encryption via AWS KMS: AES-256-GCM. This is KMS’s symmetric encryption ciphersuite.
  - Operator YubiHSMs: Hybrid Public Key Encryption (HPKE), P256_HKDF-SHA256-AES-GCM-128. Uses the YubiHSM's Derive ECDH operation over the P-256 curve.
  - Customer YubiKeys (same encryption as the YubiHSMs): Hybrid Public Key Encryption (HPKE), P256_HKDF-SHA256-AES-GCM-128.
- What type of cryptography is Bunker using?
  - Encrypted backup received from Fireblocks: RSA PKCS#1 OAEP. This is the Fireblocks-specified ciphersuite.
  - Cloud encryption via AWS KMS: AES-256-GCM. This is KMS’s symmetric encryption ciphersuite.
  - Operator YubiHSMs: Hybrid Public Key Encryption (HPKE), P256_HKDF-SHA256-AES-GCM-128. Uses the YubiHSM's Derive ECDH operation over the P-256 curve.
  - Customer YubiKeys (same encryption as the YubiHSMs): Hybrid Public Key Encryption (HPKE), P256_HKDF-SHA256-AES-GCM-128.
- How does Station70 secure backup packages to make sure no internal employees or outsiders can take my secrets?
  - Backup packages are protected with 3/3 encryption: each shard of the encryption key is held in a different environment, and one of the shards is the customer quorum, held on hardware devices. This provides cryptographic security that unwanted parties cannot access backup packages.
- What is white glove onboarding?
  - White glove onboarding provides a comprehensive assessment of an organization's existing disaster recovery operations, followed by a tailored recommendation and implementation on the Station70 platform.
- What's included in the insurance?
  - Station70 retains an insurance policy under its own name securing against negligence, misuse or unavailability of your backup keys. Clients can purchase additional coverage under their own name via our preferred insurance brokers.
- What is Failover Wallet?
  - In the event of a disaster, the Failover mechanism allows clients to hydrate new wallets or workspaces with their existing keys, removing the need to expose private keys in a traditional recovery exercise.
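
An added sketch (not Station70 code) of the 3/3 key sharding with a customer m/n quorum described in the backup-security answer above. The page does not say how shards are derived, so XOR splitting across the three environments, Shamir secret sharing with a 2-of-3 customer quorum, and every function name here are assumptions.

```python
import secrets

PRIME = 2**521 - 1  # Mersenne prime; field for the assumed Shamir scheme

def xor_split(key, n=3):
    """n-of-n split: every shard is needed, any n-1 shards look random."""
    shards = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    last = key
    for s in shards:
        last = bytes(a ^ b for a, b in zip(last, s))
    return shards + [last]

def xor_join(shards):
    """XOR all shards together; only the complete set yields the key."""
    out = bytes(len(shards[0]))
    for s in shards:
        out = bytes(a ^ b for a, b in zip(out, s))
    return out

def shamir_split(secret, m, n):
    """m-of-n split: points on a random degree m-1 polynomial with f(0)=secret."""
    coeffs = [int.from_bytes(secret, "big")]
    coeffs += [secrets.randbelow(PRIME) for _ in range(m - 1)]
    return [(x, sum(c * pow(x, i, PRIME) for i, c in enumerate(coeffs)) % PRIME)
            for x in range(1, n + 1)]

def shamir_join(points, length):
    """Lagrange interpolation at x=0; returns None if the result is not a valid key."""
    total = 0
    for xi, yi in points:
        num = den = 1
        for xj, _ in points:
            if xj != xi:
                num = num * -xj % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    if total >> (8 * length):   # too few shares gives a value outside the key range
        return None
    return total.to_bytes(length, "big")

def demo():
    key = secrets.token_bytes(16)               # constructed 128-bit key
    kms, hsm, customer = xor_split(key, 3)      # one shard per environment
    quorum = shamir_split(customer, m=2, n=3)   # assumed 2-of-3 customer devices
    customer_again = shamir_join(quorum[1:], len(customer))
    full = xor_join([kms, hsm, customer_again])  # all three environments cooperate
    partial = xor_join([kms, hsm])               # customer quorum withheld
    return key, full, partial

if __name__ == "__main__":
    k, full, partial = demo()
    print("recovered with quorum:", full == k, "| without:", partial == k)
```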