Legapass

Secure the transmission of your digital assets

Make sure your family can get your digital currency and data back.

An idea thought and built around security

When we created the service we wanted to answer a question that was fundamental for us :

"How do you create a service that is secure enough for everyone to safely deposit their functional account logins and passwords so that they can be securely transmitted to their legatees?"

Throughout the research and development phase of Legapass, we found the answer to this question:

You should not trust person. Take into account that at any time there may be a fault in someone (us, you or anyone else involved in the process).

Based on this premise we have created an architecture where no one has the ability to access your information, not even you.

We hear more and more about encryption on the Internet. For some it is the ultimate guarantee of trust, the magic word to say that everything is secure. However, for others, more specialized in the field, it is an essential but far from sufficient layer of security.

We are one of those people.

Encryption is essential but is not in no case an end in itself.

Open your Legapass safe for free

Asymmetric cryptography at the heart of Legapass

There are different types of cryptography in the security world.

At Legapass we have chosen the asymmetric cryptography that allowed us, as we will explain, to create this architecture without a trusted third party. (+ Solid, post Quantum + Zero Access)

The principle of this cryptography is based on the use of two keys. A private key (which allows to decrypt the information) and a public key (which only allows to encrypt the information). Of course, this is not a physical key but two pieces of encryption algorithm.

A public key

This key will allow to encrypt the information

A private key

This key will allow to decrypt the information

When you register with Legapass, you will be given a public encryption key automatically assigned by our system.

When you register a secret on our platform it will be directly encrypted in the web browser with your public key, which avoids man-in-the-middle attacks (man in the middle) and guarantees that Legapass will not have access to your information.

Unique offline archiving technology

Your encrypted information will then be retrieved from the Internet through an offline process to a safe in our data center, which contains encrypted disks with a security of military level. This offline process is currently being patented.

We have chosen encrypted disks from the company iStorage to store your information because they offer the highest level of security and certification available on the market today:

 

We keep your valuable data safe: offline and encrypted for many years.


The National Federation of Trusted Third Parties in the Digital Sector (FNTC).

To ensure the credibility of our work, we had to demonstrate to our two FNTC sponsors the reliability of our project. We first explained to them the data retention process. Then, with supporting technical documents, we showed them how the data is registered by the user and kept offline. Finally, we presented our architecture to them so that they could see that there is no no third party " trust "The time between the arrival of a data on our platform and its return to the designated legatee.

It is only after having checked the veracity of our statements, that our two sponsors validated our project and welcomed us within the National Federation of Trusted Third Parties of the Digital Industry and its Trusted Incubator.

The FNTC improves the security and quality of digital services. It is one of the essential actors of the securing electronic exchanges. Element indispensable the management of the life of an electronic document.

Frequently Asked Questions

Our security FAQ

Do you have questions about Legapass? The most frequently asked questions are listed in our FAQ. If you haven't found the answer to your question, go to the Contact us to ask us directly.

We do not hold the private key associated with your public key. It is kept offline at a bailiff's office who will forward it to your legatee(s) once their identity has been verified by our service. We will send our part of the information (your encrypted information) to your beneficiaries as well.

     

The keys were generated well in advance directly in the offices of our bailiff and under his control.

We came away with several hundred thousand public keys, one of which will be for you.

Thus, the one and only person who will have all the information to read your precious data will be your heir and only after your death, he will be the only one to hold your access codes encrypted by your public key as well as the private key that will allow him to reconstruct them.

These passwords will be illegible because they are encrypted by your public key.

The hard disks on which your encrypted access is stored, in addition to being physically in a safe, have military-grade security and physical encryption, they cannot be disconnected and reconnected on another machine without entering a 6-digit access code and even then, they would contain data encrypted by your public key.

Yes, but he does not hold your encrypted passwords...without the passwords the private key is useless. And at no time do your passwords pass through the bailiff's office before reaching your beneficiaries, we send them directly.


The future of our security commitment.

In the cybersecurity world, if there is a French organization whose reputation is well established and which shares our excellence in terms of security, it is theANSSI. French research, Post-Quantic, CNRS, UCA

The National Agency for the Security of Information Systems is a French organization whose mission is the following:

" The agency acts as the national authority for information systems security. As such, it is responsible for proposing the rules to be applied for the protection of the State's information systems and for verifying the application of the measures adopted. In the field of information systems defense, it provides a monitoring, detection, alert and reaction service to computer attacks, particularly on State networks. "

 

The ANSSI provides certificationsThis is a real guarantee of security for companies that want to showcase their work in this field. It is also a guarantee for users that the service used complies with the highest security requirements.

Since the creation of Legapass and at all levels (code, organization, infrastructure, etc.) we have always worked with a single objective: To be in accordance with requirements of the ANSSI.

Security and its imperatives is a world that we know well. We have therefore built and set up everything in order to be able to easily aim for these certifications, of which we are aware of the key points, through the various mandatory safety audits.

After our first fundraising, we will have the necessary budget to carry out these audits with specialized companies certified by the ANSSI.

en_USEnglish