Cyberduck Mountain Duck CLI

Changes between Version 15 and Version 16 of help/en/howto/cryptomator


Ignore:
Timestamp:
Jan 9, 2017 12:43:04 PM (4 years ago)
Author:
yla
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • help/en/howto/cryptomator

    v15 v16  
    1111Compared to other client-side-encryption solutions the [https://cryptomator.org Cryptomator] based approach yields a few crucial advantages:
    1212
    13 * in addition to file content encryption also filenames are encrypted and directory structures obfuscated
     13* in addition to file content encryption also file and directory names are encrypted and directory structures obfuscated
    1414* no online services, no subscriptions, no accounts
    1515* no need to share your cloud storage provider credentials
     
    2424 Both keys are encrypted using RFC 3394 key wrapping with a KEK derived from the user's password using scrypt.
    2525
    26 The wrapped keys are stored in a JSON file named `masterkey.cryptomator` located in the root directory of a vault.
    27 
    28 
     26The wrapped keys (with some additional metadata) are remotely stored in a JSON file named `masterkey.cryptomator` located in the root directory of a vault.
    2927
    3028=== Filename Encryption ===
    31 TBD.
    32 === File Content Encryption ===
    33 TBD.
     29 Cryptomator uses AES-SIV to encrypt file as well as directory names. Additionally to the name, a unique directory ID of its parent directory is passed as associated data. This prevents undetected moving of files between directories.
     30
     31=== File Header Encryption ===
     32
     33 The file header stores certain metadata, which is needed for file content encryption. It consists of 88 bytes.
     34
     35 * 16 bytes nonce used during header payload encryption
     36 * 40 bytes AES-CTR encrypted payload consisting of:
     37 * 8 bytes filled with 1 for future use (formerly used for file size)
     38 * 32 bytes file content key
     39 * 32 bytes header MAC of the previous 56 bytes
     40
     41 === File Content Encryption ===
     42
     43 The cleartext is broken down into multiple chunks, each up to 32 KiB + 48 bytes consisting of:
     44
     45 * 16 bytes nonce
     46 * up to 32 KiB encrypted payload using AES-CTR with the file content key
     47 * 32 bytes MAC of
     48  * file header nonce (to bind this chunk to the file header)
     49  * chunk number as 8 byte big endian integer (to prevent undetected reordering)
     50  * nonce
     51  * encrypted payload
    3452
    3553== Create new Vault ==
swiss made software