At a time when economic and digital sovereignty are at the heart of concerns, at Seald we are proud to announce that our product has a Security Visa from the ANSSI with a CSPN.
When Seald was created in 2016, we already had the will to have our solutions certified to demonstrate the seriousness of our solutions. At the end of 2019, we took the decision to start this process.
This process begins with the selection of the scope to be assessed. At Seald, our solutions are many and varied to cover a maximum of use cases. It would therefore be unrealistic to certify everything, especially since the certification is only valid for a given version and not the updates that follow.
Once the perimeter was established, we formally defined which threats we wanted to guard against: the security target. On this subject, we offer our off-the-shelf solutions, but they are all based on a server, which is offered in Cloud or on-demand.
To be very strict, we therefore decided to consider this server as potentially compromised and to prove that, despite this hypothesis, the confidentiality of the elements protected with Seald was not compromised. This is why the certification only concerns the "client" part of the Seald technology: the Seald-SDK.
This target includes most of the cryptographic mechanisms associated with the Seald technology for which we have provided a cryptographic supply document detailing the algorithms used and the way Seald manages keys, the addition of a posteriori rights, multi-devices, etc.
It was written in collaboration with a CESTI, which we commissioned to evaluate the product: Synacktiv, whom we thank very much for their professionalism and availability.
Better Seald than sorry.