Encryption keys are never stored or transmitted by Engage. Keys are algorithmically derived using the NIST-approved PBKDF2 algorithm. Engage takes the incoming passphrase/password/PIN (we refer to this as "Baseline Key Material" or simply "BKM") provided by the user application, then combines it with a 128-bit salt, and then performs 15,000 iterations of the algorithm (NIST recommends 10,000 iterations) to arrive at the derived, 256-bit, key.