IntroductionAs it exists today, end-to-end encryption is mostly device-based, because that has been the surest way to both verify that a user is who they say they are and to safeguard against large-scale breaches. But that also makes practical usage frustrating for users. A real life reality is that we often switch phones or need to log in from a friend's computer, which is tricky with a product using end-to-end encryption and leads to security shortcuts in favor of convenience.Imagine a Private Key that can be lost and you don't have to worry about losing your encrypted data forever. Or, imagine a Private Key that you can use between devices without needing to transfer the Key around.Now it's finally possible!Virgil presents Brain Key - a strong cryptographic key based on a user's PASSWORD.Virgil has taken Pythia, designed by Adam Everspaugh and Rahul Chaterjee, University of Wisconsin–Madison; Samuel Scott, University of London; Ari Juels and Thomas Ristenpart, Cornell Tech, and built a cloud service that lets you generate a Brain Key.Press here to read more about the solutionProblemA basic User Private Key that is generated using a Crypto Library has limited entropy sourceIf you lose your Private Key, you can't access (by decrypting) previously encrypted dataIf you get a new device, you need to re-encrypt data for a new key pair or you need to transmit a previously generated private key but that has security risks.SolutionVirgil Security presents Pythia Service which can be used to generate strong cryptographic keys based on a user's password. We call this key a BrainKey. When you need to restore a Private Key, you only use a user's password and Pythia Service.Virgil helps you create BrainKey based on your PASSWORD, without having to know a your password or its hash.You don't need to recreate a new Key or re-encrypt data if you lost your private key or device.How it worksRegister your E2EE application on the Virgil Dashboard and get your app credentialsGenerate your API key or use your existing app's API keySet up JWT provider using previously mentioned parameters (App ID, API key, API key ID) on the Server sideGenerate JWT token with user's identity inside and transmit it to the Client side (user's side)On the Client, side set up AccessTokenProvider in order to specify JWT providerInitialize and create an instance of BrainKey class with AccessTokenProvider and pass over the user's passwordSend BrainKey request to Pythia ServiceGenerate BrainKey keypair based on the transformed password that you received from Pythia Service and create user's CardSetup your cardVerifier and cardManagerPass user's Card to cardManagerPublish user's Card that is related to the BrainKeyAll operations are performed under a user's password on the Client side, so Virgil will never see a user's password or its hash. Technical details can be found in the Virgil Security Pythia white paper.What Virgil provides for developersVirgil Cards Service: stores & manages your users' Public KeysVirgil SDK: allows you to easily manage a Crypto Library and communicate with Virgil Cards ServiceVirgil Pythia Service: creates a user's protected blinded password that will be used to generate BrainKey on Client side.Virgil Pythia SDK: allows you to communicate with Virgil Pythia Service and implement the Pythia protocolLet's get started!