Viivo secures your documents before they are synchronized to your Dropbox, Box, Drive and OneDrive. Our servers never see copies of your data or your passphrase. You have the keys to securing the data, not the cloud provider. Viivo security uses industry standards such as RSA 2048 and AES-256 to lock down data regardless of hackers, data snoopers or mistakes.

Viivo uses a multi-level hybrid crypto approach when securing all of your files, whether they are personal or shared. This means that every time you give or revoke access to a folder, it doesn’t have to be re-encrypted. Your files will be secure through the whole process. At the base level, Viivo creates a 2048 RSA key pair to safely exchange keys between collaborators and devices. Your RSA Private key is secured with your password, a secret known only to you. Your password is strengthened using PBKDF2 HMAC SHA256. All your files are encrypted using AES-256 before they leave your physical device.

The Basics:

  • Each Viivo user has a Private Key that is encrypted with AES-256. The key is generated from your password using PBKDF2 HMAC SHA256
  • For shared folders, there is a Share Key that is exchanged via RSA encrypted 2048
  • All of your files are encrypted with AES-256

The latest edition of Viivo stores security keys separately from Dropbox, Box, OneDrive and Drive so that they are kept as private as possible. This system keeps your public and private key pairs in separate locations, and they cannot be correlated outside of the application. Although we do not store your passphrase or private key on the server, Viivo does support passphrase recovery through a secure process that uses data on the server with data on your Viivo-enabled device.


When you create a Locker or a Viivo Drop Zone file, you are creating a Viivo Asset. As the owner of an asset, you can give Asset keys out to individuals. This is accomplished in the Viivo Manager client when you check someone's name in the Assets tab. The way Viivo shares these asset keys is with our server. Asset keys are generated by the client and encrypted for the recipient before it goes to the server.

Every file is encrypted with a unique, randomly selected, 256-bit AES key. This is the "Session" key - it is used for one file and never used again. A recipient of that file needs to know the session key. We encrypt the session key for that (and possibly other files) using an asset key. Asset keys are 256-bit AES keys.

When someone is removed from accessing an asset, not only do we take his keys away, but we stop using any of those asset keys he had and all start using a fresh asset key for future encryptions.

The Strategy:

  • You are in control. Nobody else.
  • When a cloud provider encrypts your data, they hold the encryption keys, not you. This is "zero-value encryption" and offers you no real protection from snoops, thieves or technology exploits that leave your data vulnerable.
  • Security is about defense-in-depth and that is the approach we take with Viivo. Cloud providers do a great job of syncing, storing, versioning, backing up and facilitating easy access to your data. Viivo gives you the encryption to do all of that securely.