Matomo

Hermes – end-to-end secure data storage

🇺🇦 We stand with Ukraine, and we stand for Ukraine. We offer free assessment and mitigation services to improve Ukrainian companies security resilience.

Cossack Labs
search
Zero trust, end-to-end encrypted, secure data storage and sharing framework

Hermes

Zero trust, end-to-end encrypted, secure data storage and sharing framework

Enforce access control and facilitate sharing with end-to-end encryption via client-side SDK. Hermes provides cryptographically protected data processing and data collaborating without the need to re-encrypt an excessive amount of data.

Product sheet

A simple way of collaborating on end-to-end encrypted data

  • tab 0 icon 1 tab 0 icon 2
    Secure granular CRUD

    Secure granular CRUD

    Let multiple users collaborate on shared data structures with granular access control and key management over each data block, while enforcing different cryptographic protections on all CRUD operations.

    Zero-trust ACL

    Zero-trust ACL

    Traditional access control has ACL lists and ACL engine that enforces access rights, which you have to trust. In Hermes, access rights are enforced cryptographically, so you don’t have to trust anything to be sure that no one unwanted has access to the data.

    Convenient storage

    Convenient storage

    Data is stored encrypted, but does not require re-encryption during changing the access rights, key revocation or planned key rotation. Convenient data model allows to integrate Hermes with different architectures and storage schemes.

Industries

Hermes’ unique capabilities are the best to protect shared structured documents, where different fields have different security risks and access control patterns.

Finance

Finance

Store and process customer payment data and PII securely, minimise insider threats and enable secure, accountable cross-organisation data exchange.
Healthcare

Healthcare

Share FHIR and other medical records safely and distribute granular access to all entities in your system. Spend less on access control while gaining more fine-grained security.
Enterprise

Enterprise

Protect commercially sensitive data and enforce access control, integrate with existing PKI and IAM, enforce group policies and efficient key/storage management – all the while keeping the data end-to-end encrypted.

Advanced use-cases

  • Cryptographic access control

    Deploy Hermes to build cryptographic access control in your application: grant and revoke read and write access through a cryptographic scheme resistant to privilege escalation attacks.

    Secure distributed collaboration

    Hermes is a cryptography-based method of providing protected data storage and sharing that allows the enforcement of cryptographically-checked permissions between any number of Hermes clients.

  • Multi-user object store

    Build end-to-end secure document/object stores where every document or field’s access rights can be granted to any registered user of the system, transparently, and with low overhead.

    Security layer for data exchange

    Collaborating securely when a document is one blob of data is straightforward, but modern documents are actually large tree-like structures. Hermes is designed precisely for today’s applications.

Available for:

Linux Python Go C++

Get started with Hermes

See Hermes documentation for more info and how-tos

GitHubGitHub
Scientific paper
Implementation Paper

Related materials

Transparent data encryption for SQL databases with Acra 0.93

Transparent data encryption for SQL databases with Acra 0.93

Fully transparent encryption of sensitive fields is possible with open source Acra 0.93 release. Acra works on SQL protocol level, hiding details from developers and reducing encryption ...

Introduction to automated security testing

Introduction to automated security testing

Keep your code shipshape and reduce vulnerabilities with automated security testing. Delve into ways and tools of software security testing that developers and platform engineers can set...

Cryptographic failures in RF encryption allow stealing robotic devices

Cryptographic failures in RF encryption allow stealing robotic devices

Stunned by losing their robotic devices, [REDACTED] learnt that they were hijacked by attackers even with communication being encrypted. Having researched its firmware and found numerous...

Go to blog

Contact us

Get whitepaper

Thank you!
We’ve received your request and will respond soon.