Trusted Data Format (TDF): Encrypt, Control Access, and Audit Information Sharing

Virtru products are powered by the Trusted Data Format (TDF)— an open standard for object-level encryption that keeps data protected and under the data owner’s control, wherever it’s created or shared.

Request a Demo
trusted data format
The Trusted Data Format is central to Zero Trust data protection.

Implementing Zero Trust? Start with the Data.


Data is meant to be shared. It’s also highly valuable and should be both respected and protected. Historically, people have had to make a tradeoff — locking down data (and sacrificing shareability) or setting it free (and sacrificing control).

With the Trusted Data Format (TDF), you don’t have to make any sacrifices. You can share your data anywhere and maintain full control.

This can transform the way you work:

  • Teams can operate at higher velocity.
  • Data is no longer locked away in silos.
  • Your data is under your control at all times, even after it’s been shared externally.

Military-Grade Encryption, Accessible to All.

The TDF was created by Virtru Co-Founder and CTO, Will Ackerly, to address gaps in secure information sharing between U.S. federal government agencies.

Today, TDF is used by thousands of organizations, including the U.S. Intelligence Community, to enable secure sharing with platform-agnostic encryption for any type of data, across any cloud environment or device, using persistent access controls that ensure data privacy.

  • Organizations reap the security and financial benefits of rapid, secure business collaboration.
  • Data owners don’t have to abandon control of their data when it’s shared with third parties.
  • Collaborators are continuously verified to ensure privacy.
  • Leverage Virtru’s Commercial SDK or the open-source openTDF to customize your own encrypted data flows.
Read the TDF Origin Story
data protection software

How the Trusted Data Format (TDF) Works

Trusted data format (TDF) is a JSON-encoded data format that employs multiple cryptographic and security techniques to enable secure sharing in ways that are impossible with traditional network-based defenses.

end to end encryption

End-to-End Encryption

TDF encrypts data using a unique encryption key for every object for persistent control that enables secure sharing. TDF also supports strong protections for the encryption keys by double wrapping them to further protect the data.

access controls

Attribute-Based Access Controls

Data owners define policies for who can access the keys protecting the data, for how long and whether they can add other users. These policies enable granular controls such as revocation, expiration and disabled forwarding.

policy binding

Policy Binding

TDF binds the encrypted data with the policies using public-based signatures, ensuring policies cannot be tampered with. Only the data owner can adapt control policies, guaranteeing information integrity.

end to end audit

End-to-End Auditability

TDF and supporting infrastructure logs every key request for persistent visibility, reinforcing information integrity. Data owners can easily track shared data to support granular audit and modifications to access controls.

key management

Key Management

TDF enables high assurance key management with embedded, cryptographically-bound policies. Organizations can jointly own, control and audit files in a zero trust manner by using multiple key servers, each hosted by a different organization.

identity federation

Identity Federation

As collaborators request access to TDF-protected data, TDF leverages existing accounts through federated identity and authentication frameworks such as OpenID, OAuth and SAML, to enable seamless access.

large file support

Large File Support

TDF enables the encryption and decryption of very large files—up to 1 TB—including streaming files – making it easy to protect and share PDFs, Excel spreadsheets, Word documents, and more.

offline create

Offline Create

TDF-enabled clients can create TDFs without an internet connection. The offline-created TDF can be sent to anyone via offline methods, or when the device is back online.

More than 7,000 customers trust Virtru’s Trusted Data Format to secure their most essential data.

omada logo
Sequoia logo
Maryland logo
we work logo

Schedule a demo with Virtru today.

Get Started