How We Protect Your API Keys

Protecting your account security is our top priority. This article explains how we protect your Cloudflare Token using advanced encryption technologies.

Dual-Layer Encryption Protection

On the OneClick platform, we employ a dual encryption mechanism to keep your Token secure:

  • RSA-OAEP Asymmetric Encryption: secures Token transmission and storage
  • AES-GCM Symmetric Encryption: provides an additional protection layer for system private keys

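Because the database holds only encrypted data and the AES key is kept outside it, in environment variables, this mechanism keeps your Token protected even in the extreme case of a database breach.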

Encryption System Specifications

| Encryption Type | Parameters | Usage |
|---|---|---|
| AES-GCM | 256-bit key length; 12-byte IV | Symmetric encryption, protects system private keys |
| RSA-OAEP | 2048-bit key length; SHA-256 hash | Asymmetric encryption, protects user Tokens |

Encryption Process Details

1. System Initialization

  • Load AES key from environment variables
  • Generate new RSA key pair
  • Encrypt RSA private key using AES-GCM

2. Token Encryption

  • Client retrieves RSA public key
  • Encrypts user Token using public key
  • Securely stores encrypted data

3. Token Decryption and Usage

  • Decrypt stored RSA private key
  • Decrypt user Token
  • Execute API calls
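
The three steps above, sketched with the Web Crypto API as an added example (not OneClick's own code). The function names, the stored-record field names and the sample token are assumptions made for illustration, and wrapKey/unwrapKey is one way to apply AES-GCM to the private key.

```javascript
// Added illustration; function and field names are hypothetical, not OneClick's code.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto; // Web Crypto API
const b64 = (buf) => btoa(String.fromCharCode(...new Uint8Array(buf)));
const unb64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));
const OAEP = { name: "RSA-OAEP", hash: "SHA-256" };

// 1. System initialization: import the 256-bit AES key, generate the RSA pair,
//    and wrap the private key (as JWK) with AES-GCM under a fresh 12-byte IV.
async function initSystem(aesSecretB64) {
  const aesKey = await wc.subtle.importKey(
    "raw", unb64(aesSecretB64), "AES-GCM", false, ["wrapKey", "unwrapKey"]);
  const pair = await wc.subtle.generateKey(
    { ...OAEP, modulusLength: 2048, publicExponent: new Uint8Array([1, 0, 1]) },
    true, ["encrypt", "decrypt"]);
  const iv = wc.getRandomValues(new Uint8Array(12));
  const wrapped = await wc.subtle.wrapKey("jwk", pair.privateKey, aesKey, { name: "AES-GCM", iv });
  return {
    aesKey,
    publicJwk: await wc.subtle.exportKey("jwk", pair.publicKey),
    stored: { iv: b64(iv), wrappedPrivateKey: b64(wrapped) }, // what the database holds
  };
}

// 2. Token encryption on the client. RSA-OAEP/2048/SHA-256 fits at most 190 bytes.
async function encryptToken(publicJwk, token) {
  const pub = await wc.subtle.importKey("jwk", publicJwk, OAEP, false, ["encrypt"]);
  return b64(await wc.subtle.encrypt({ name: "RSA-OAEP" }, pub, new TextEncoder().encode(token)));
}

// 3. Token decryption: unwrap the private key (GCM verifies integrity), then decrypt.
async function decryptToken(aesKey, stored, tokenCt) {
  const priv = await wc.subtle.unwrapKey("jwk", unb64(stored.wrappedPrivateKey), aesKey,
    { name: "AES-GCM", iv: unb64(stored.iv) }, OAEP, false, ["decrypt"]);
  return new TextDecoder().decode(await wc.subtle.decrypt({ name: "RSA-OAEP" }, priv, unb64(tokenCt)));
}

// Round trip with constructed values, plus a tampered-record check.
async function demo() {
  const secret = b64(wc.getRandomValues(new Uint8Array(32))); // stands in for the env secret
  const { aesKey, publicJwk, stored } = await initSystem(secret);
  const ct = await encryptToken(publicJwk, "example-token-not-real"); // constructed sample
  const plaintext = await decryptToken(aesKey, stored, ct);
  const bad = unb64(stored.wrappedPrivateKey);
  bad[0] ^= 1; // flip one bit of the stored, wrapped private key
  const tamperRejected = await decryptToken(aesKey, { ...stored, wrappedPrivateKey: b64(bad) }, ct)
    .then(() => false, () => true);
  return { plaintext, tamperRejected };
}
```

The unwrapped private key is imported as non-extractable, so code running after step 3 can use it to decrypt but cannot export it again.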

Security Design Features

🔐 Key Isolation

  • AES key stored in Cloudflare environment variables (Secrets)
  • RSA private key stored encrypted
  • Secure public key distribution mechanism

📋 Data Standards

  • RSA keys in JWK format
  • Base64 encoded transmission
  • Independent IV storage

🛡️ Encryption Standards

  • AES-GCM authenticated encryption
  • RSA-OAEP secure padding
  • Web Crypto API implementation

Data Security Flow

1. Server-side Flow

  • Environment Variables: Load AES key
  • Encryption Process: Generate and encrypt RSA private key
  • Secure Storage: Store encrypted private key

2. Client-side Flow

  • Client: Retrieve RSA public key
  • Encryption: Encrypt Token using public key
  • Transmission: Send encrypted Token to server

3. Access Flow

  • Retrieval: Read encrypted Token
  • Decrypt Private Key: Decrypt RSA private key using AES
  • Decrypt Token: Decrypt Token using private key
  • API Access: Execute API calls

Security Measures

⚡️ Key Management

  • AES key exists only in environment variables
  • Supports key rotation mechanism
  • Permanent encrypted storage of private keys

🔄 Operational Standards

  • Dynamic initialization vector generation
  • Standard encryption libraries
  • Strict encryption process

We strictly follow encryption best practices to ensure system security meets the highest standards. All encryption operations are implemented using the Web Crypto API.

Best Practices and Support

🎯 Core Measures

  1. Real-time Monitoring — Monitor API access patterns, detect anomalies promptly
  2. Security Audit — Complete operation logs, regular security reviews
  3. Continuous Assessment — Regular security assessments and penetration testing

📞 Security Support

If you discover any security issues, please contact us immediately:

We commit to responding to all security-related reports within 24 hours


© copyright Nextify Limited 2025. All rights reserved.