IntroductionAs it exists today, end-to-end encryption is mostly device-based, because that has been the surest way to both verify that a user is who they say they are and to safeguard against large-scale breaches. But that also makes practical usage frustrating for users. A real life reality is that we often switch phones or need to log in from a friend's computer, which is tricky with a product using end-to-end encryption and can lead to security shortcuts in favor of convenience.BrainKey by Virgil Security is a strong cryptographic key based on a user-generated password, and is used to encrypt a user's private key in the Virgil Cloud. Users can then regenerate their original private key on multiple devices, allowing access to their encrypted data from new browser sessions or devices and preventing permanent loss of encrypted data if the original device is lost. If you're interested in Brainkey functionality please take a look at our E3Kit SDKs where all Brainkey features already baked in.BrainKey works with Pythia, designed by Adam Everspaugh and Rahul Chaterjee, University of Wisconsin–Madison; Samuel Scott, University of London; Ari Juels and Thomas Ristenpart, Cornell Tech. Take a look at the Virgil Security Pythia white paper for more information about the technical details.Press here to read more about the solutionProblemA basic user private key that is generated using a Crypto Library has limited entropy sourceIf the user loses their private key, they won't be able to access previously encrypted data and it will be lost foreverIf the user gets a new device, the data needs to be re-encrypted with a new key pair or a previously generated private key needs to be transmitted somehow, which has security risks.SolutionVirgil Security's Pythia Service can be used to generate a strong cryptographic key based on a user's password. We call this key a BrainKey. When you need to restore a private key, you only use the user's password and Pythia Service.Virgil helps you create BrainKey based on your user's password, without having to know your user's password or the password's hash.You don't need to recreate a new key or re-encrypt the data if the user lost their private key and/or device.How it worksCreate an end-to-end encryption application on the Virgil Dashboard and receive your new app credentials (App ID, API key, API key ID)Generate your API key or use your existing app's API keySet up JWT provider using previously mentioned parameters (App ID, API key, API key ID) on the Server sideGenerate JWT token with the user's identity inside and transmit it to the Client side (user's device)On the Client side, set up AccessTokenProvider to specify JWT providerInitialize and create an instance of BrainKey class with AccessTokenProvider and pass over the user's passwordSend BrainKey request to Pythia ServiceGenerate BrainKey keypair based on the transformed password that you receive from Pythia Service and thn create user's CardSet up your cardVerifier and cardManagerPass user's Card to cardManagerPublish user's Card that is related to the BrainKeyAll operations that are performed using the user's password take place on the Client side, so Virgil will never see a user's password or its hash. Technical details can be found in the Virgil Security Pythia white paper.What Virgil provides for developersVirgil Cards Service: stores & manages your users' public keysVirgil SDK: allows you to easily manage the Virgil Crypto Library and communicate with Virgil Cards ServiceVirgil Pythia Service: creates the user's protected blinded password which will be used to generate a BrainKey on the Client side.Virgil Pythia SDK: allows you to communicate with Virgil Pythia Service and implement the Pythia protocolLet's get started!