Technical Background

Technical Background - Security


All assets you upload and store in KDMS Cinestash are AES encrypted with a unique, random 256-bit key.

The AES keys are encrypted with a 4096-bit RSA key and are never uploaded unencrypted to the internet or our data centers. Any connections from the KDMS client to our servers are encrypted via HTTPs.

As of today, this form of AES encryption is considered absolutely secure. Let us quote the U.S. Government:
“The design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256) are sufficient to protect classified information up to the SECRET level. TOP SECRET information will require use of either the 192 or 256 key lengths.”

The AES key is encrypted with our public 4096-bit RSA key and transferred to our server. Your key can only be decrypted by our private key. We keep our private key with the highest security possible on a machine physically separated from our network and the internet. Access is limited, highly controlled, and only possible for specially trained personnel of KDMS.

When you order a decryption key for your customer or client, the archive password is decrypted, and a personalized decryption key is created and sent to your client. This decryption key is also RSA encrypted.

To decode an archive, an attacker needs three components:

❌ the archive from the storage (which is protected against unauthorized downloads)
❌ the decryption application (which is not publicly available)
❌ a personalized decryption key (which we will only send out to the people you want)

Technical Background - Storage


Every archive you upload is stored in a data center in the Netherlands and mirrored to Germany.

We regularly mirror your data from the Netherlands to our data center in Germany. This means the data is available in two independent locations in Europe, in multiple copies and high redundancy.

The data center in the Netherlands gives you the bandwidth you need for the fastest possible delivery worldwide with complete access control.

Your data is only stored in datacenters in Europe and will only be transported outside Europe if you order this in Cinestash Client.

Our local data center gives us the possibility for fast file conversions and delivery via DHL or FedEx.

Even in our local data center, we keep your files always encrypted. We only decrypt files for hard disk shipments or file conversions you have ordered. After processing, we immediately delete the unencrypted files from our disks.

Don’t miss the future of digital media transformation