TeraCryption Architecture Overview
TeraCryption is a flexible enterprise file encryption architecture designed to protect sensitive documents while preserving normal business workflows. It enables organizations to securely store, share, and control access to encrypted files using either local servers or cloud storage platforms — without requiring manual encryption key management.
The architecture is designed to adapt to different deployment models, as reflected in TeraCryption Plans. TeraKey is the encryption component of the broader TeraCryption file encryption system, providing enterprise-grade protection for sensitive business documents.
Core Architecture Principles
TeraCryption is built on four core principles:
- Encrypt before storage
- Local automatic generation and control of encryption keys
- Flexible storage hubs (server or cloud)
- Centralized identity and sharing control
This approach ensures that encrypted files remain protected regardless of where they are stored.
Encrypt Before Storage
TeraKey encrypts files on the user’s workstation before they are saved to:
- A local file server
- A network-attached storage (NAS) device (when mapped or accessible in the user’s file explorer)
- A private cloud storage account (Google Drive, OneDrive, Amazon S3)
Encrypted files remain unreadable on the storage hub. Only authorized users with proper identity and group permissions can decrypt them.
This “encrypt-first” model eliminates reliance on storage providers for security.
Flexible Storage Architecture
One of the key differentiators of TeraCryption is its ability to use either:
- A local server as the encrypted storage hub
or
- A cloud storage service to store encrypted files, functioning as a centralized storage hub
This flexibility allows organizations to:
- Maintain full control using on-premise infrastructure
- Operate in hybrid environments
- Use cloud storage without exposing document content
The encryption model remains consistent across all deployment types.
Automatic Encryption Key Management
Unlike many enterprise encryption systems, TeraCryption does not require users to:
- Fetch encryption keys
- Store keys manually
- Associate keys with files
- Maintain external key-management infrastructure
Each file is encrypted using a unique, randomly generated encryption key.
Encryption key management is handled automatically by the system, reducing administrative complexity and eliminating user dependency on manual key handling.
This significantly lowers operational risk compared to systems that rely on external key management solutions.
Identity-Based Access Control
Access to encrypted files is controlled through:
- User identity
- Group membership
- Administrator-defined permissions
The Administrator uses TeraMail to:
- Add and manage users
- Assign users to groups
- Define document sharing permissions
Users can be:
- Added manually
or
- Imported from local Active Directory for large enterprise environments
This ensures scalability for organizations with hundreds or thousands of users.
Controlled Document Sharing
TeraKey enables encrypted file sharing through group-based permissions.
Administrators and authorized users can:
- Determine which groups have access to specific encrypted folders
- Control which users can decrypt specific files within a group
- Restrict access without moving or duplicating documents
Encrypted files remain secure even when stored in shared folders.
Designed for Enterprise Deployment Plans
TeraCryption architecture supports multiple deployment configurations aligned with TeraCryption Plans:
Plan 1 – Individual User Encryption
Encrypted files are stored on the user’s workstation and can be securely shared with other authorized TeraKey users within a group via network sharing, TeraMail, or email.
Plan 2 – Cloud Hub Architecture
TeraLink connects TeraKey to a cloud storage service, which stores the encrypted files and functions as a centralized storage hub. Shared group folders automatically appear in the file explorer of each authorized user, enabling centralized encrypted file sharing.
Plan 3 – Local Server Hub Architecture
TeraLink connects TeraKey to a local server, which stores the encrypted files and acts as a centralized storage hub. Shared group folders automatically appear in the file explorer of each authorized user, maintaining centralized control within the on-premise infrastructure.
Plan 4 – Server + Encrypted Mirror Backup
TeraBackup extends Plan 3 by automatically creating a real-time mirror of server-based encrypted group folders and uploading it to secure cloud storage for rapid recovery in the event of a disruption or ransomware attack.
This flexible architecture allows organizations to select the configuration that aligns with their security policies, infrastructure preferences, and operational requirements.
Performance and Workflow Preservation
Because encryption and decryption occur at the user’s workstation:
- Users experience native file performance when using local servers
- No manual encryption steps are required
- Business workflows remain unchanged
- Applications (including CAD tools, office software, and others) operate normally
Security is integrated into the workflow rather than imposed on it.
Enterprise-Ready Security Architecture
TeraCryption architecture is designed to support:
- Regulatory compliance requirements
- Intellectual property protection
- Secure file sharing across departments
- Secure remote and local work environments
The system protects files without requiring users to change how they work.
Related Components
- TeraKey – The encryption engine
- TeraMail – Identity and user management
- TeraLink – Secure connection to storage hubs
- TeraBackup – Encrypted mirror backup for recovery
Each component operates within the broader TeraCryption platform architecture.
