Data Protection & Encryption

Clique Wallet implements comprehensive data protection through multiple layers of encryption, ensuring that sensitive information remains secure in use, at rest, and in transit.

Encryption in Use

All critical cryptographic operations in Clique Wallet are performed within the TEE's hardware-protected enclaves. When private keys are generated, stored, or used for transaction signing, they exist only in encrypted form within the TEE's secure memory. The TEE ensures that private keys are never exposed in plaintext, even during active use. This hardware-level encryption protects keys from being accessed by the host operating system, hypervisor, cloud provider infrastructure, or any other software running on the system.

The TEE's encryption operates transparently at the CPU level, automatically encrypting data when it enters the enclave and decrypting it only within the secure execution environment. This means that even if an attacker gains root access to the system, performs memory dumps, or attempts to extract keys through debugging, the private keys remain cryptographically protected and inaccessible outside the TEE.

Encryption at Rest

All sensitive user data stored in Clique Wallet's databases is encrypted before being persisted. This includes user wallet information, API keys, session data, and other sensitive records. The encryption uses industry-standard algorithms that provide both confidentiality and authenticity.

The encryption architecture uses a hierarchical key management system in which encryption keys are managed and stored within the TEE. Each type of data is encrypted under its own key, so compromise of one data type's key does not expose the others. Each encryption operation also uses a fresh, cryptographically secure random value, so identical plaintexts produce different ciphertexts and an attacker who can read the stored records cannot identify repeated data by comparing them.

The encryption system includes built-in data integrity verification, which means any attempt to tamper with encrypted data will be detected during decryption. Even if an attacker gains access to the database, the encrypted data remains unreadable without access to the encryption keys, which are protected within the TEE.
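As an added illustration (not Clique Wallet's own code), the following Go program sketches the at-rest scheme described in the two paragraphs above: a root key, which in the real system would stay inside the TEE and is a constructed stand-in here, is expanded into a separate AES-256-GCM key per data type, every record gets a fresh random nonce, and the GCM authentication tag makes any tampering fail at decryption. The data-type labels and the `clique-wallet/` info prefix are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// deriveKey expands a root key (held inside the TEE in production; a
// constructed stand-in in this example) into a separate 256-bit key per
// data type: one HKDF-Expand block (RFC 5869), HMAC-SHA256(root, info||0x01).
func deriveKey(root []byte, dataType string) []byte {
	mac := hmac.New(sha256.New, root)
	mac.Write([]byte("clique-wallet/" + dataType)) // hypothetical info label
	mac.Write([]byte{0x01})
	return mac.Sum(nil)
}

// aead builds AES-256-GCM under the data type's derived key. The derived
// key is always 32 bytes and AES's block size is fixed, so neither call can fail.
func aead(root []byte, dataType string) cipher.AEAD {
	block, _ := aes.NewCipher(deriveKey(root, dataType))
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// encrypt seals one record. A fresh random 96-bit nonce per call makes
// identical plaintexts yield different ciphertexts; the data type is bound as
// associated data. Stored layout: nonce || ciphertext || 16-byte GCM tag.
func encrypt(root []byte, dataType string, plaintext []byte) ([]byte, error) {
	gcm := aead(root, dataType)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(dataType)), nil
}

// decrypt opens a record; the GCM tag check rejects any change to the nonce,
// ciphertext, tag or data type, so tampering is detected at decryption time.
func decrypt(root []byte, dataType string, record []byte) ([]byte, error) {
	gcm := aead(root, dataType)
	if len(record) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("record too short to contain nonce and tag")
	}
	n := gcm.NonceSize()
	return gcm.Open(nil, record[:n], record[n:], []byte(dataType))
}
```

Decrypting a record under a different data type's key, or after flipping a single byte, returns an error rather than garbage plaintext.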

Encryption in Transit

All communications between users and Clique Wallet services are protected using HTTPS (TLS/SSL) encryption. This ensures that:

  • Data transmitted over the network cannot be read by third parties who intercept it
  • Man-in-the-middle attacks are prevented through certificate validation
  • Data integrity is maintained during transmission
  • Authentication between client and server is cryptographically verified

Clique Wallet uses strong TLS configurations with modern cipher suites, ensuring that all network traffic is encrypted with industry-standard protocols. This protection extends to all API endpoints, authentication flows, and data synchronization operations.
