
Changes between Version 62 and Version 63 of help/en/howto/cryptomator

Timestamp:
Mar 22, 2021 3:33:58 PM (7 months ago)
Author:
dkocher
Comment:

--

  • help/en/howto/cryptomator

    v62 v63  
    100100== Encryption Security Architecture ==
    101101
    102 Please refer to [https://cryptomator.org/architecture/ Cryptomator security overview] for more details.
    103 
    104 === Masterkey ===
    105 
    106  Each vault has its own 256 bit encryption as well as MAC masterkey used for encryption of file specific keys and file authentication, respectively.
    107  Both keys are encrypted using RFC 3394 key wrapping with a KEK derived from the user's password using scrypt.
    108 
    109 The wrapped keys (with some additional metadata) are remotely stored in a JSON file named `masterkey.cryptomator` located in the root directory of a vault.
    110 
    111 === Filename Encryption ===
    112  Cryptomator uses AES-SIV to encrypt file as well as directory names. Additionally to the name, a unique directory ID of its parent directory is passed as associated data. This prevents undetected moving of files between directories.
    113 
    114 === File Header Encryption ===
    115 
    116  The file header stores certain metadata, which is needed for file content encryption. It consists of 88 bytes.
    117 
    118  * 16 bytes nonce used during header payload encryption
    119  * 40 bytes AES-CTR encrypted payload consisting of:
    120  * 8 bytes filled with 1 for future use (formerly used for file size)
    121  * 32 bytes file content key
    122  * 32 bytes header MAC of the previous 56 bytes
    123 
    124  === File Content Encryption ===
    125 
    126  The cleartext is broken down into multiple chunks, each up to 32 KiB + 48 bytes consisting of:
    127 
    128  * 16 bytes nonce
    129  * up to 32 KiB encrypted payload using AES-CTR with the file content key
    130  * 32 bytes MAC of
    131   * file header nonce (to bind this chunk to the file header)
    132   * chunk number as 8 byte big endian integer (to prevent undetected reordering)
    133   * nonce
    134   * encrypted payload
     102See [wiki:help/en/howto/cryptomator/architecture Encryption Security Architecture].
    135103
    136104== Preferences ==
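Review bot: the whole "Encryption Security Architecture" section (v62 lines 102-134: masterkey wrapping, filename encryption, the 88-byte file header layout and the chunk MAC inputs) is dropped in favour of the single line `See [wiki:help/en/howto/cryptomator/architecture Encryption Security Architecture].`, so confirm that the help/en/howto/cryptomator/architecture page already exists and carries those details before this revision goes live, otherwise the link is dangling and the header and chunk format documentation is lost; while moving it, the two payload items ("8 bytes filled with 1 for future use" and "32 bytes file content key") should be nested one level under "40 bytes AES-CTR encrypted payload consisting of:", as they were rendered at the same level as the 16-byte nonce and the 32-byte MAC in the old text.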