Cybersecurity News, Threat Intelligence & CISO Best Practices

Secure password sharing with encrypted links, separate passkeys and browser-side decryption using the CyberRiskEvaluator secure sharing tool.

Passwords are supposed to be secret. API keys are supposed to be secret. Recovery codes, encryption keys, administrative credentials, temporary access codes, and database passwords are all supposed to be secret.

Yet, inside real organizations, these secrets frequently need to move from one person to another (maybe an external employee or third party).

An administrator needs to provide a temporary password to a supplier. A service desk needs to send a recovery credential to a user. A developer needs to provide an API secret to another team. A cybersecurity team needs to transfer an emergency credential during an incident. A consultant needs temporary access to a protected environment.

The technical problem is simple:

How can one person securely transmit a sensitive secret to another person without leaving the plaintext secret permanently exposed in email, chat history, support tickets, or collaboration platforms?

This is where secure secret-sharing systems based on strong encryption, encrypted links, separate-channel passkeys, and client-side browser decryption provide a useful additional security layer.

The objective is not simply to encrypt a password.

The objective is to design a system in which compromising one component of the communication chain is not automatically sufficient to recover the secret.


The Password-Sharing Problem

Modern companies have invested heavily in protecting stored credentials.

Enterprise password managers, privileged access management platforms, multifactor authentication, single sign-on, hardware security keys, and identity governance systems have considerably improved credential security.

But a difficult operational problem remains:

secrets sometimes have to be transferred.

The moment a secret is copied from a protected vault and pasted into an email, Microsoft Teams message, Slack conversation, SMS, ticketing system, or documentation platform, the security model changes.

The password is no longer simply a credential.It has become data. And that data may now be:

  • retained for years;
  • indexed for search;
  • synchronized to multiple devices;
  • included in backups;
  • accessible to administrators;
  • exposed through compromised accounts;
  • copied into notification systems;
  • forwarded to additional recipients;
  • captured in screenshots;
  • stored in browser history or local application databases.

The problem is therefore not limited to encryption during transport.

TLS already protects most modern communication channels against simple network interception.

The deeper issue is persistent exposure at the endpoints and inside communication systems.

A password sent in an email may remain readable long after the password was originally needed.

A secret sent through a corporate messaging platform may become part of a long-term organizational archive.

The security question is therefore:

Can we send access to a secret without sending the secret itself as persistent plaintext?

A well-designed encrypted secret-sharing mechanism can help solve precisely this problem.


The Core Security Principle: Separate Access from Decryption

One of the strongest architectural ideas behind secure secret sharing is the separation of two functions:

  1. locating the encrypted secret;
  2. decrypting the encrypted secret.

These should not necessarily rely on the same piece of information.

Consider a system where the recipient receives:

Channel 1 — Email

https://cyberriskevaluator.com/secure/RANDOM_ACCESS_TOKEN

and separately receives:

Channel 2 — phone, Signal, verbal communication, or another trusted channel

PASSKEY:
Green-Horse-Berlin-792!

The link provides access to the encrypted object.

The passkey provides the information necessary to derive the cryptographic key required for decryption. Neither component should be sufficient on its own. This creates a form of security compartmentalization.

An attacker who compromises the email account may obtain the link, but not necessarily the passkey.

An attacker who observes the second communication channel may learn the passkey, but without the access token may not know where the encrypted object is stored.

This principle is particularly useful because many real-world breaches are partial rather than absolute.

Attackers often compromise one mailbox, one SaaS account, one endpoint, or one communication channel.

Good security architecture should therefore avoid making a single compromised channel equivalent to total compromise.


Step 1: The Passkey Is Not the Encryption Key

A human-readable passkey such as:

Green-Horse-Berlin-792!

should not simply be used directly as an AES encryption key.

Human-generated passwords and passphrases do not naturally provide the fixed-size, uniformly distributed key material expected by modern symmetric encryption algorithms.

A key derivation function is therefore used.

Conceptually:

PASSKEY
   +
RANDOM SALT
   +
ITERATION COUNT
   |
   v
PBKDF2-HMAC-SHA-256
   |
   v
256-BIT AES KEY

NIST SP 800-132 describes password-based key derivation techniques for producing cryptographic key material from passwords and passphrases.

This is an important distinction.

SHA-256 alone is a cryptographic hash function. Simply hashing a weak password once does not make the original password strong.

Password-based key derivation functions are designed to make password guessing more computationally expensive.

This means that instead of:

AES_KEY = SHA256(passkey)

a better conceptual construction is:

AES_KEY =
PBKDF2-HMAC-SHA256(
    passkey,
    random_salt,
    iteration_count
)

The exact parameters must be selected carefully and reviewed over time. NIST has also announced work to revise SP 800-132, including consideration of additional guidance and memory-hard password-based approaches, illustrating that password-derivation recommendations continue to evolve.


Step 2: Why the Salt Is Important

A salt is a random value generated for the key derivation process.

For example:

Passkey:
Green-Horse-Berlin-792!

Salt:
6b2a7f83296e1c4d...

The salt does not have to remain secret.

Its purpose is to ensure that the same passkey does not always produce the same derived encryption key.

For example:

PBKDF2("MySecret123", salt_A)
→ AES key A

while:

PBKDF2("MySecret123", salt_B)
→ AES key B

produces different key material.

This prevents systems from creating identical derived keys simply because two encryption operations happen to use the same passphrase.

The salt can therefore be stored alongside the encrypted record.

A database record might contain:

ciphertext
salt
IV
authentication data
iteration parameters
expiry time
token hash

But it should not need to contain:

plaintext secret
passkey
derived AES key
raw access token

This distinction between public cryptographic parameters and secret cryptographic material is fundamental to good cryptographic design.


Step 3: Why AES-256-GCM Is More Than Encryption

After the encryption key has been derived, the secret can be encrypted with an authenticated encryption mode such as AES-GCM.

NIST defines GCM as a mode for authenticated encryption with associated data. In practical terms, it provides both confidentiality and a mechanism to detect unauthorized modification of the protected data.

Consider this plaintext:

AdminPassword!9283

The encryption process produces encrypted data and authentication information.

Conceptually:

Plaintext
    +
AES key
    +
IV
    |
    v
AES-256-GCM
    |
    +----> Ciphertext
    |
    +----> Authentication Tag

The authentication component matters enormously.

Encryption without integrity protection can leave systems vulnerable to certain forms of ciphertext manipulation.

With authenticated encryption, a modification to the ciphertext should cause authentication verification to fail rather than silently producing manipulated plaintext.

This is why modern secure designs generally require more than simple confidentiality.

The system should be able to answer two questions:

  1. Can an unauthorized party read the secret?
  2. Can an unauthorized party modify the encrypted data without detection?

Authenticated encryption addresses both concerns.


Step 4: The IV or Nonce

AES-GCM requires an initialization vector, often discussed as a nonce in this context.

For example:

AES key:
7e8ac4f19d...

IV:
91f4c282e907f56eab1291c3

The IV is not a password and does not normally need to remain secret.

But it must be managed correctly.

For GCM, avoiding nonce reuse under the same key is critically important. NIST has specifically emphasized IV uniqueness as a significant requirement for GCM security.

This is an excellent example of why cryptographic security depends on architecture and implementation—not merely on choosing an algorithm with a strong name.

Saying “we use AES-256” is not enough.

Security also depends on:

  • correct key generation;
  • correct key derivation;
  • correct nonce generation;
  • correct authentication-tag handling;
  • secure randomness;
  • proper secret lifecycle management;
  • implementation quality.

Cryptography is a system, not a checkbox.


Step 5: Protecting the Link with a Random Token

The encrypted record still has to be retrieved.

One approach is to generate a cryptographically strong random access token:

Qm83kfH2x9PzL7...

The URL might contain:

https://cyberriskevaluator.com/secure/?t=Qm83kfH2x9PzL7...

The raw token itself should ideally not need to be stored directly in the application database.

Instead:

URL token
    |
    v
SHA-256
    |
    v
Token hash
    |
    v
Database

When the link is used:

Received token
      |
      v
   SHA-256
      |
      v
Compare with stored token hash

This architecture follows the broader security principle of storing a verifier rather than an immediately reusable bearer value where practical. However, there is an important limitation:

hashing a token does not make a weak token secure.

The access token itself must have sufficient cryptographic randomness.

SHA-256 is a cryptographic hash standard, but the strength of this particular access-control design also depends on the entropy and unpredictability of the original token.


Browser-Side Decryption Changes the Trust Model

One of the most interesting aspects of modern secret-sharing architectures is the possibility of performing the cryptographic operation directly in the browser.

The W3C Web Cryptography API provides standardized browser interfaces for operations including encryption, decryption, hashing, and key-related operations; its algorithm support includes constructs relevant to AES-GCM and PBKDF2-based designs.

The decryption workflow can therefore conceptually look like this:

1. User opens secure URL
                 |
                 v
2. Server validates token
                 |
                 v
3. Browser receives:
      ciphertext
      salt
      IV
      KDF parameters
                 |
                 v
4. User enters passkey
                 |
                 v
5. Browser derives AES key
                 |
                 v
6. Browser verifies and decrypts ciphertext
                 |
                 v
7. Plaintext displayed locally

This approach can provide an important architectural advantage:

the application does not necessarily need to receive the plaintext secret during the recipient’s decryption operation.

The server delivers encrypted data.

The recipient provides the passkey locally.

The browser derives the key and performs the decryption.

The server can remain responsible for storage, access control, expiry, and retrieval while the decryption step occurs at the endpoint.

This reduces the number of places where plaintext secret material must exist.


Why This Is Needed Even When the Organization Has a Password Manager

A reasonable question is:

If the company already has an enterprise password manager, why would it need encrypted secret sharing?

Because these systems solve overlapping but not identical problems.

Password managers are excellent for persistent credential storage and controlled organizational access.

But temporary secret transfer frequently occurs outside ideal workflows.

Examples include:

External consultants

A supplier may require a temporary credential but may not have access to the company’s internal password-management system.

Incident response

During an emergency, credentials or recovery information may need to be transferred rapidly between specific individuals or organizations.

Temporary passwords

Help desks and administrators sometimes need to provide initial or temporary access information.

Recovery codes

Backup authentication codes or one-time recovery secrets occasionally need to be transferred securely.

API and application integration

Development and infrastructure teams may need to transmit temporary bootstrap secrets before a more permanent machine-to-machine secret-management mechanism is established.

Cross-organizational collaboration

Two organizations may not share the same identity, privileged access, or secret-management infrastructure.

A secure secret-sharing mechanism should not replace PAM, vaulting, workload identity, short-lived credentials, or automated secret-management systems.

Instead, it addresses the narrow but persistent problem of human-to-human transfer of sensitive information.


The Security Advantages of the Architecture

1. No Persistent Plaintext in Normal Communication Channels

The most obvious advantage is that the actual secret does not need to be placed directly in an email or chat message.

This reduces exposure in:

  • mailbox archives;
  • chat histories;
  • ticketing systems;
  • notification previews;
  • synchronized devices;
  • search indexes;
  • message backups.

2. Separation of Communication Channels

The encrypted link and the decryption passkey can be transferred independently.

This means that compromising one communication channel may not automatically be sufficient to obtain the secret.

The effectiveness of this control naturally depends on the independence of the channels.

Sending both the URL and passkey in two consecutive messages in the same compromised mailbox provides little meaningful separation.

Real separation requires thoughtful channel selection.


3. Client-Side Decryption

When implemented correctly, plaintext recovery can occur in the recipient’s browser.

This can reduce server-side plaintext exposure during normal decryption and reduce the amount of sensitive information available to application-layer logging or processing components.

But this advantage comes with a corresponding requirement:

the client-side application itself must be trusted.

A compromised JavaScript bundle, malicious third-party dependency, cross-site scripting vulnerability, or compromised delivery infrastructure could potentially undermine a client-side cryptographic model.

Browser-side cryptography reduces one class of risk; it does not eliminate the need for application security.


4. Reduced Database Breach Impact

A database containing properly encrypted ciphertext is fundamentally different from a database containing plaintext passwords.

If the database stores:

ciphertext
salt
IV
KDF parameters
token hash
expiry metadata

but not:

passkey
plaintext
derived encryption key
raw token

then database theft alone may not immediately reveal the protected secret.

However, the real security level still depends heavily on passkey strength and the chosen KDF parameters.

A weak four-digit PIN remains weak even when surrounded by sophisticated cryptography.


5. Built-In Integrity Verification

Authenticated encryption can detect unauthorized modification of encrypted content.

AES-GCM provides authenticated encryption, combining confidentiality with authentication functionality.

This means the design protects not only against unauthorized reading, but also against undetected manipulation of protected data.


6. Expiration and One-Time Retrieval

Encrypted secret-sharing systems can implement a limited secret lifecycle.

Examples include:

Expire after 15 minutes
Expire after 4 hours
Expire after 24 hours
Delete after first successful retrieval
Delete after a defined number of retrieval attempts

This creates a major operational distinction from ordinary email.

An email containing a password may survive indefinitely.

A temporary encrypted secret can be designed to disappear.


A Realistic Threat Model

The strength of this architecture becomes clearer when evaluating compromise scenarios.

Scenario 1: Email account compromised

The attacker obtains:

✓ secure URL
✓ access token

but potentially lacks:

✗ passkey
✗ derived AES key
✗ plaintext secret

The security outcome depends on whether the passkey was genuinely sent through an independent channel.


Scenario 2: Database stolen

The attacker may obtain:

✓ ciphertext
✓ salt
✓ IV
✓ KDF parameters
✓ hashed token

but not necessarily:

✗ plaintext secret
✗ passkey
✗ derived AES key
✗ raw URL token

The attacker may still attempt offline passkey guessing against the encrypted object, which is why a strong passkey and appropriate password-based key derivation parameters remain essential.


Scenario 3: The second communication channel is compromised

The attacker may learn:

✓ passkey

but still lack:

✗ access URL
✗ access token
✗ encrypted object

Again, this assumes that the channels are genuinely independent.


Scenario 4: Recipient endpoint compromised

This is the difficult case.

If the recipient’s browser or operating system is fully compromised, malware may be able to capture:

  • the passkey;
  • the decrypted plaintext;
  • clipboard data;
  • screenshots;
  • keyboard input.

No encryption architecture can magically protect plaintext from a fully compromised endpoint at the exact moment an authorized user decrypts and views it.

This limitation must be acknowledged honestly.

The purpose of the system is to reduce exposure and eliminate unnecessary plaintext persistence—not to create impossible guarantees.


What Secure Secret Sharing Does Not Solve

A good security architecture must define its limits.

Secure encrypted links do not automatically protect against:

  • compromised recipient endpoints;
  • keyloggers;
  • screen capture malware;
  • malicious browser extensions;
  • weak passkeys;
  • social engineering against the recipient;
  • insecure application code;
  • compromised frontend JavaScript;
  • poor random-number generation;
  • incorrect IV management;
  • secrets copied elsewhere after decryption.

The technology is therefore one control in a layered security strategy.

It is strongest when combined with:

  • endpoint protection;
  • multifactor authentication;
  • short-lived credentials;
  • privileged access management;
  • strong identity verification;
  • restrictive secret lifetimes;
  • application security controls;
  • secure software supply chains;
  • monitoring and logging that intentionally exclude sensitive data.

Security Is Also About Reducing the Lifetime of Secrets

The most important insight may not actually be about AES.

It is about exposure time.

A password sitting in a mailbox for five years has a different risk profile from a temporary secret that:

  1. is strongly encrypted;
  2. is accessible through a random token;
  3. requires a separately transferred passkey;
  4. expires after a short period;
  5. is deleted after retrieval.

Organizations often focus heavily on preventing initial compromise while paying less attention to how long sensitive information remains available after its original business purpose has disappeared.

Secret-sharing architecture can apply the same principle that security teams increasingly use elsewhere:

reduce privilege, reduce exposure, and reduce lifetime.


The Right Place for Secure Secret Sharing in Enterprise Security

Encrypted secret sharing should not become an excuse for distributing permanent administrator passwords.

The strategic direction of modern identity security should still favor:

  • individual identities;
  • phishing-resistant MFA;
  • short-lived authorization;
  • just-in-time privilege;
  • workload identities;
  • automated secret rotation;
  • privileged access management;
  • elimination of shared accounts where possible.

But reality remains messy.

Organizations still operate legacy systems.

External parties still require temporary access.

Recovery codes still exist.

Bootstrap secrets still have to be transferred.

Emergency situations still occur.

And people still paste passwords into email.

For these practical situations, a properly designed encrypted secret-sharing mechanism is significantly better than pretending that the transmission problem does not exist.


Conclusion: The Goal Is Not Just Encryption—It Is Separation of Trust

The strongest aspect of secure secret sharing is not one individual algorithm.

AES-256 is powerful.

PBKDF2 provides password-based key derivation.

SHA-256 can protect token verifiers.

Random salts prevent deterministic password-derived keys.

Correctly managed IVs support safe authenticated encryption.

Browser cryptography can move decryption toward the recipient endpoint.

But the real security value comes from the architecture that combines these elements.

The objective is not to build an indestructible communication channel.

The objective is to ensure that compromising a mailbox, database, chat history, or individual communication channel is not automatically equivalent to compromising every secret that has ever passed through it.

For CISOs, that is the real value of secure secret sharing:

not merely stronger encryption, but a better distribution of trust.

Leave a Reply