To connect to your server, parboard uses three pieces of credentials: your server's url, your server's public application Id, and your server’s master key. The url is where your parse server instance is mounted, and your application Id is a public key used to connect to your app by clients.
Some features, such as fetching and editing the server’s schema or running background jobs and sending notifications, require the master key.
Parboard never has access to any of your master keys. This data is encrypted on your device and only sent to Parboard’s servers in its encrypted form. When you log in to your Parboard account and access an app, this encrypted key is fetched and locally decrypted on your device. This way only you have access to the key.
Before it's stored in Parboard's servers, your master key is encrypted by a key generated from your account’s password. For the technically inclined, your Parboard account’s password is used along with a randomly generated salt to generate a 32-byte key using 5000 iterations of PBKDF2 rounds. This key is then used to encrypt your master key with 256-bit AES encryption. Only the encrypted data is stored on Parboard - the encryption key itself never leaves your computer.
When you login to Parboard, a password hash is sent to our servers to verify it’s you. Once you’re verified, your encrypted data is sent to you. Your encryption key is regenerated by the process above, and your data is then locally decrypted on your computer.
You can monitor how Parboard uses your master key by using your browser's developer tools.
Parboard is beta testing! Sign up below to request access.