PassCypher — Intersec Awards 2026 Finalist among the world's top 5 cybersecurity solutions (Best Cybersecurity Solution category, Dubai). Learn more →

PassCypher HSM PGP

CryptPeer® and PassCypher HSM PGP Compatibility

PassCypher HSM PGP is compatible with CryptPeer® for entering credentials including the TOTP pin code (Time-based One-Time Password). Secure 2-click connection, without typing anything on the keyboard, with multi-factor authentication.

  • Passphrases >256 bits — secure storage in an HSM
  • TOTP secret keys — one-time codes for 2FA authentication
  • 2-click connection — direct injection into fields without plaintext exposure
  • Anti-BITB + sandbox URL — protection against phishing, typosquatting and credential theft during login
  • PassCypher NFC HSM compatibility — secure segmented key pairing between Android NFC phone, NFC TAG/CARD HSM and PC extension
  • Secure SSH keys — creation of SSH keys (RSA, ECDSA, ed25519) via EviSSH, password-protected and storable in an HSM

How PassCypher HSM PGP Works with CryptPeer

PassCypher HSM PGP is a fully automated password management solution that leverages advanced security protocols. With its Zero Trust and Zero Knowledge architecture, the system operates without servers, databases, or user accounts.

For CryptPeer®, PassCypher HSM PGP enables you to:

  • Enter the master passphrase (>256 bits) without typing anything on the keyboard
  • Automatically inject the TOTP code (two-factor authentication) into the dedicated field
  • Connect in 2 clicks with maximum security against keyloggers and shoulder surfing
  • Store credentials in AES-256 CBC PGP encrypted containers

Key Features

Segmented Key

Patented system: key segments are stored across different media (USB drive, SSD, NAS, Cloud). Without the external physical device, the system cannot function.

AES-256 CBC PGP Encryption

Your credentials are automatically encrypted and stored in secure containers. Temporary decryption in volatile memory (< 1 second) during login.

TOTP Protection

TOTP secret keys are stored securely. The one-time code is generated and automatically injected into the CryptPeer field without screen exposure.

Anti keylogger & shoulder surfing

Credentials are never displayed in plaintext or passed through the clipboard. Direct injection into fields in under one second.

Secure SSH keys (EviSSH)

Creation of password-protected SSH keys (RSA 2048/3072/4096, ECDSA 256/384/521, ed25519). Storage possible in an HSM. EviSSH SSH Key Management →

PassCypher NFC HSM PassCypher NFC HSM Compatibility

PassCypher HSM PGP is compatible with PassCypher NFC HSM through a secure segmented key pairing system between:

  • the Android NFC phone
  • the NFC TAG/CARD HSM
  • the PassCypher HSM PGP extension on computer

Pairing relies on the patented segmented key technology (patent WO2018154258), ensuring a secure link between the three components without exposing secrets.

Patented Freemindtronic Technologies Embedded

PassCypher HSM PGP embeds several patented Freemindtronic technologies:

  • EviBITB — Detection and removal of BITB (Browser-in-the-Browser) iframes to neutralize phishing: EviBITB Stop BITB Phishing
  • EviPass HSM PGP — Secure password, SSH key and passphrase management: EviPass HSM PGP
  • EviOTP HSM PGP — TOTP/HOTP key management with secure injection: EviOTP HSM PGP
  • EviSSH — Creation of secure SSH keys (RSA, ECDSA, ed25519) password-protected and storable in an HSM: EviSSH SSH Key Management
  • EviEngine — Web service automation without servers or databases: EviEngine

Regulatory Compliance — Advantage for Critical Entities and Regulated Sectors

PassCypher HSM PGP offers a higher level of compliance than most cloud-based password managers, which depend on third-party servers and extraterritorial jurisdictions. Our architecture facilitates compliance for organizations subject to European and international regulations:

  • GDPR — Data minimization, Zero Knowledge, no processing of personal data for the password manager's operation
  • NIS2 — Serverless architecture, no dependency on third-party providers, strong encryption, MFA, resilience (air-gap mode)
  • DORA — Operational resilience: infrastructure under control, no critical third party for credential access
  • CRAEU Declaration of Conformity (Cyber Resilience Act, Module A)
  • NIST Cybersecurity Framework 2.0 — Alignment with Govern, Protect, Detect functions: strong authentication, access control, asset management
  • ISO/IEC 27001 — AES-256 encryption, access control, asset management (segmented keys)
  • CLOUD Act / Patriot Act immunity — No data stored with providers subject to extraterritorial jurisdictions (US)

Most cloud password managers depend on third-party servers and databases, exposing their users to legal and technical risks. PassCypher HSM PGP, 100% offline and sovereign, reduces these risks by design — a differentiating advantage for your presentations versus competitors.

CryptPeer® Connection Protection

Thanks to anti-BITB (EviBITB) and sandbox URL verification, PassCypher HSM PGP protects the CryptPeer® connection against:

  • BITB phishing — Detection and removal of "browser-in-the-browser" iframes that mimic a fake CryptPeer page
  • Typosquatting — The active URL is verified before injection: if the domain does not match the encrypted container's URL, no credentials or TOTP code are injected
  • Keyloggers — Direct injection, no keyboard input
  • Shoulder surfing — Secrets are never displayed on screen

PassCypher secures the entry point (credentials). Protection against MITM, server compromise, or post-login threats is handled by the CryptPeer® architecture (E2E encryption, etc.).

DEF CON 33 — Vulnerabilities Revealed

At DEF CON 33 (August 2025), researchers demonstrated critical flaws in password managers and FIDO/WebAuthn passkeys:

  • WebAuthn Interception — Synced passkeys (Apple, Google, Microsoft) are not 100% phishing-resistant: a real-time spoofed prompt can hijack authentication. Passkeys WebAuthn Interception
  • DOM Clickjacking — 11 password managers were exposed as vulnerable: invisible iframes and Shadow DOM can exfiltrate credentials, TOTP and passkeys. DOM Extension Clickjacking

PassCypher HSM PGP eliminates these vectors by design: Zero-DOM architecture (no secrets transit through the DOM), no spoofable prompt, no cloud, segmented keys.

Quick Installation

  1. Browser extension: Chrome Web Store or Microsoft Edge Add-ons
  2. PassCypher Engine: Windows or macOS
  3. Segmented key: Generate or import your key, specify the path of the second segment (USB drive, SSD, etc.)
  4. CryptPeer container: Create an encrypted container with CryptPeer URL, username, password and TOTP secret

Complete guide: How PassCypher HSM PGP Works

Video: Quick installation (YouTube)

Benefits for CryptPeer®

Feature Benefit
Master passphrase>256 bits, stored in HSM, never typed on keyboard
TOTP codeAutomatic generation and injection into CryptPeer 2FA field
2-click connectionOne click to open, one click to connect — without exposing secrets
Multi-storageUSB drive, SSD, NAS, Cloud — you choose where to store your segments
Offline operationNo internet connection required to access your credentials
Anti-BITB + sandbox URLProtection against phishing, typosquatting and credential theft during login
PassCypher NFC HSMSecure segmented key pairing between Android NFC phone, NFC TAG/CARD HSM and PC extension
SSH keys (EviSSH)Creation of secure SSH keys (RSA, ECDSA, ed25519) password-protected, storable in an HSM
Regulatory complianceGDPR, NIS2, DORA, CRA, NIST 2.0, ISO/IEC 27001 — higher level than cloud password managers

Resources

Discover PassCypher HSM PGP and its integration with CryptPeer®.

Long version → One-pager → Pitch deck → How PassCypher HSM PGP Works → Quick installation (video) → Freemindtronic Product →

View CryptPeer® architecture and complementary products