Application-layer encryption made simple

Encrypt your most sensitive data before it leaves the application, so the storage layer – and adversaries – only ever see ciphertext. Application native client-side encryption protects data from sophisticated attackers, supply-chain attacks, and insider threats.

Start for free

Encryption made effective, for engineering and security teams

Storage and cloud-native encryption controls are not enough

Most at-rest encryption solutions – transparent disk encryption, full disk encryption, etc. – are ineffective against modern threats because they grant admins, key processes, and attackers (who exploit privileged access) implicit access to plaintext data. Eliminate this gap and bridge the divide between engineering, security, and compliance teams with Ubiq’s developer-first, encryption-as-code platform.

For Engineering

Lightweight, prepackaged code and open source encryption libraries that quickly integrate into any application type for native client-side encryption and set and forget key management.

For Security

Enable development teams to quickly build native, client-side data encryption directly into applications, to reduce your breach risk and not slow down the pace of innovation.

For Compliance

Applications built compliant by design and future-proof evolving compliance needs - designed for today and tomorrow’s regulations, with full auditability.

How It Works

We’ve abstracted away the messy and complex world of encryption and key management behind 2 API calls and a few lines of code, so you can confidently build native client-side encryption directly into applications of any type in minutes.

New data generated Existing data requested

Application collects data from normal user input or process.

Application calls local Ubiq library to encrypt the data.

Data is encrypted into ciphertext without leaving your application.

Application stores ciphertext (instead of clear text) in storage.

Data is protected from storage layer compromises.

User or process requests application data.

Application retrieves encrypted ciphertext from storage.

Application calls local Ubiq library to decrypt the data

Data is decrypted without leaving your application.

Data is presented to user or process, as per normal.

Reduce breach risk, by better protecting sensitive data

Encrypt data before it leaves your application, so the storage layer, admins, and adversaries only ever see ciphertext.

Start For Free

Decrease costs, increase program efficiency, and achieve compliance

Reduce costs and save precious resource time by building client-side encryption into any application in minutes as part of your application development lifecycle.

Start for free

ubiq = require('ubiq-security' 1.0.5)

const credentials =
    new ubiq.Credentials('T31i/+eZAsURqVOO/0WfkGqd',
                         'GyPujOPlRcQu+uF7sZchT0c1BsUMkyqcIlz0ss3FhciS',
                         'AkQ9vGDsUhZPHk+YUSekFEJSP0XzKouEpfMIt6ZvmEfd')

plaintext_data = 'ABC'

encrypted_data = await ubiq.encrypt(credentials, plaintext_data)
console.log(encrypted_data.toString('base64'))

decrypted_data = await ubiq.decrypt(credentials, encrypted_data)

Avoid costly cryptographic failures, with drop-in code and automated key management

Enable robust encryption without complexity and guesswork, by leveraging industry standard, open source encryption libraries and FIPS-140-2 compliant key management and storage.

OWASP A02:2021 – Cryptographic Failures

Start For Free

Encryption, without the complexity.

Developers rule (our) world.

Ubiq’s developer platform enables you to quickly and easily build client-side encryption directly into your application, allowing you to focus on product and customer experiences and less time wasted on encryption, key management, and security.

Node.js

Ruby

Python

C++

Java

const ubiq = require('ubiq-security')
                
// Explicitly set the credentials.

const credentials = new Credentials('', '', '')

// Encrypt a block of data.

const encrypted_data = await ubiq.encrypt(credentials, plainntext_data)

// Decrypt a block of data.

const plainttext_data = await ubiq.decrypt(credentials, encrypted_data)

require 'ubiq-security'
include Ubiq

# Explicitly set the credentials.
credentials = Credentials(access_key_id = "...", secret_signing_key = "...", secret_crypto_access_key = "...")

# Encrypt a block of data.
encrypted_data = encrypt(credentials, plaintext_data)

# Decrypt a block of data.
plaintext_data = decrypt(credentials, encrypted_data)

# Require the Security Client.
import ubiq_security as ubiq

# Explicitly set the credentials.
credentials = ubiq.credentials(access_key_id = "...", secret_signing_key = "...", secret_crypto_access_key = "...")

# Encrypt a block of data.
encrypted_data = ubiq.encrypt(credentials, plaintext_data)

# Decrypt a block of data.
plaintext_data = ubiq.decrypt(credentials, encrypted_data)

#include 

struct ubiq_platform_credentials * creds = NULL;
void * ptbuf = NULL, * ctbuf = NULL;
size_t ptlen = 0, ctlen = 0;

/*
 * load credentials from the environment
 * or the credentials file
 */
ubiq_platform_credentials_create(creds);

/* initialize ptbuf and ptlen */
...

/* Encrypt a block of data. */
ubiq_platform_encrypt(creds, ptbuf, ptlen, ctbuf, ctlen);

/* Decrypt a block of data. */
ubiq_platform_decrypt(creds, ctbuf, ctlen, ptbuf, ptlen);

free(ctbuf);
free(ptbuf);

ubiq_platform_credentials_destroy(creds);

#include 
 /*
  * load credentials from the environment
  * or the credentials file
  */
 ubiq::platform::credentials creds;
 std::vector ptbuf, ctbuf;

/* initialize ptbuf */
...

/* Encrypt a block of data. */
ctbuf = ubiq::platform::encrypt(creds, ptbuf.data(), ptbuf.size());

/* Decrypt a block of data. */
ptbuf = ubiq::platform::decrypt(creds, ctbuf.data(), ctbuf.size());

using UbiqSecurity;

/* explicitly set the credentials  */
var credentials = UbiqFactory.CreateCredentials(accessKeyId: "...", secretSigningKey: "...", secretCryptoAccessKey: "..."); 

/* Encrypt a block of data. */
byte[] plainBytes = ...;
byte[] encryptedBytes = await UbiqEncrypt.EncryptAsync(credentials, plainBytes);

/* Decrypt a block of data. */
plainBytes = await UbiqDecrypt.DecryptAsync(credentials, encryptedBytes);

import com.ubiqsecurity.UbiqCredentials;
import com.ubiqsecurity.UbiqDecrypt;
import com.ubiqsecurity.UbiqEncrypt;
import com.ubiqsecurity.UbiqFactory;

// Explicitly set the credentials.
UbiqCredentials credentials = UbiqFactory.createCredentials("", "", "", null);

// Encrypt a block of data.
byte[] plainBytes = ...;
byte[] encryptedBytes = UbiqEncrypt.encrypt(credentials, plainBytes);

// Decrypt a block of data.
plainBytes = UbiqDecrypt.decrypt(credentials, encryptedBytes);

import "gitlab.com/ubiqsecurity/ubiq-go"
var plaintext []byte = ...

// load the default credentials
credentials, _ := ubiq.NewCredentials()

// encrypt a block of data
ciphertext, _ := ubiq.Encrypt(credentials, plaintext)

// decrypt a block of data
plaintext, _ := ubiq.Decrypt(credentials, ciphertext)