Sepior Encryption Technology Protects Online Documents for eSignature Company Penneo

Groundbreaking Key Management-As-A-Service (KMaaS) technology enables Key and Lock Separation For Secure Document Transactions

Aarhus, Denmark (March 31, 2017)

Penneo, a digital signature platform used to validate electronic documents, announced the integration of Sepior KMaaS technology to protect its clients’ documents on the cloud. The feature, being rolled out to selected customers, allows them to encrypt and protect documents stored online in Penneo’s managed archive.

Sepior’s patented technology, based on the use of secure multi-party computation for encryption key management, encrypts data using strong keys, and makes the keys inaccessible to any single third party. The keys are distributed across different cloud servers, preventing any unauthorized parties from assembling them to access the documents, whether it be a Penneo employee, a hacker, or a government entity.

High-level architecture

When a Penneo user wishes to protect a signed agreement or contract with Sepior keys, he or she simply selects this option from the Penneo web user interface. A Sepior SDK provided in JavaScript and integrated with the Penneo application in the browser then authenticates the user and manages the creation of key shares that reside in distributed key servers. The SDK then recombines the key shares into the cryptographic key used to encrypt the document. The encrypted document is then copied to the Penneo cloud for secure storage and sharing. The encryption key is not known to Penneo and does not exist in any single server in the cloud. Similarly, when a Penneo user wishes to access a signed and encrypted document from the online archive, the Sepior SDK receives the encrypted document from the Penneo application, authenticates the user, and acquires the cryptographic key needed to decrypt the document from Sepior’s KMaaS or distributed key servers. Using these two pieces of information, the archived document can be presented to the user in a readable format.

The overall architecture delivers a true Key-and-Lock-Separation environment that may be necessary for compliance in regulated sectors. Since encryption is performed at the client device running the Penneo application, all documents are protected end-to-end, without relying on any additional perimeter or cloud security layers.

Penneo’s application also utilizes the Danish public key infrastructure (PKI) known as NemID, used by all Danish citizens over the age of 13 for secure online banking transactions. Federated authentication is used  for both Penneo and Sepior, streamlining the process.

Sepior is rolling out the Sepior KMaaS service to security-conscious businesses worldwide. The company offers an SDK for integration with any SaaS application and a plugin for Amazon’s Simple Storage Service (S3).. Additional plugins for popular IaaS service providers such as Microsoft Azure and Google Cloud are also available. A Sepior customer can use the same Sepior KMaaS to manage keys for multiple clouds, eliminating the pain of implementing Bring Your Own Key (BYOK) scenarios with any cloud service provider.

About Sepior

Founded in 2014 as a spinout from the University of Aarhus in Denmark, Sepior develops key management solutions for encrypting data on the public cloud. Using patented cryptographic protocols, Sepior’s RSA award-winning team of cryptography experts have developed a practical virtual Key Management Service (KMS) using secure multi-party computation (MPC), a technique for splitting cryptographic keys between different providers that results in distributed trust.  As the industry’s first true cloud-native KMS based on MPC, Sepior gives businesses full control over the encryption keys used by their SaaS-providers without relying on any single SaaS-provider, and at SaaS economics.

The company is partially funded by a grant from the European Union’s Horizon 2020 Research and Technology program.

About Penneo

Copenhagen, Denmark-based Penneo develops a popular eSignature platform that helps companies get their documents signed digitally - easier, faster and more securely. Once a document has been signed by the verified recipient, it’s stored for later access in a document archive managed by Penneo and hosted in the cloud. With many customers in the financial sector, security and compliance is of the highest priority.

For more information, visit

PR Contact

Tim Templeton