Encryption

Donnie Ashok edited this page Jan 28, 2024 · 1 revision

Overview

Finease now includes an advanced encryption feature designed to enhance the security of your financial data, especially when exporting it to external storage like Google Drive. This feature provides an additional layer of protection, ensuring your data remains secure against unauthorized access.

Features

AES Encryption

  • Algorithm: Uses the Advanced Encryption Standard (AES) algorithm, known for its strong security and efficient performance.
  • Mode: Operates in Cipher Block Chaining (CBC) mode, where each plaintext block is combined with the previous ciphertext block before encryption, so identical blocks of data encrypt differently.

Key Management

  • Generation: Encryption keys are generated using a secure, random process.
  • Techniques: Combines hashing and salting techniques for robust key management, making keys unique and difficult to replicate or predict.

Data Integrity

  • HMAC: Implements Hash-Based Message Authentication Code (HMAC) to verify data integrity and authenticity, ensuring tamper detection.

Usage

Enabling Encryption

  • Navigate to Settings > Database.
  • Turn on the Enable Encryption option.

Encryption Process

  • The feature automatically encrypts your database file during export.

Decryption Process

  • Uses the same password for decrypting the file during import.
  • To decrypt the database file on your computer, follow the directions provided here.

Warnings

  • Strong Password: Ensure the use of a strong, unique password.
  • Data Accessibility: When the app is in use, the data cannot be encrypted. If your phone is compromised, your data and password could be accessed by a third party.
  • Database File Sharing: Sharing the unencrypted database file exposes your DB password.
  • Password Loss: Forgetting your password can lead to irrecoverable data. Always maintain a backup of your password in a secure location.
  • Password Security: Avoid sharing your password or storing it in insecure locations.

Technical Implementation

Below is a brief overview of the Dart code used for encryption and decryption:

Key Derivation

  • Uses PBKDF2 with HMAC-SHA-1 to derive the key from the user-provided password.
  • Salt is randomly generated to ensure key uniqueness.

File Encryption

  • Employs AES/CBC/PKCS7 for encrypting files.
  • The salt and encrypted data are written to the output file.

File Decryption

  • Reads the salt from the file and derives the key.
  • Decrypts the data using the derived key and writes to the output file.
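The key-derivation and integrity steps described above, as an added Python sketch that is not Finease's Dart code: it derives keys with PBKDF2-HMAC-SHA1 from a password and a random salt, then checks an HMAC tag before any decryption would run, so a wrong password or a modified file is rejected up front. The sizes, iteration count, `salt || ciphertext || tag` layout, HMAC-SHA256 tag and the function names are assumptions, since the page does not give them; the AES/CBC/PKCS7 output is treated as opaque bytes.

```python
import hashlib
import hmac
import secrets

# Assumed for this example only: sizes, iteration count and file layout.
SALT_LEN, TAG_LEN, ITERATIONS = 16, 32, 100_000


def derive_keys(password, salt):
    """PBKDF2-HMAC-SHA1 master key, split into independent AES and MAC keys."""
    master = hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt,
                                 ITERATIONS, dklen=32)
    enc_key = hmac.new(master, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(master, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def seal(mac_key, salt, ciphertext):
    """Return salt || ciphertext || HMAC-SHA256(salt || ciphertext)."""
    tag = hmac.new(mac_key, salt + ciphertext, hashlib.sha256).digest()
    return salt + ciphertext + tag


def open_verified(password, blob):
    """Check the tag first; return (enc_key, ciphertext) only if it matches."""
    if len(blob) < SALT_LEN + TAG_LEN:
        raise ValueError("file too short")
    salt, body, tag = blob[:SALT_LEN], blob[SALT_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = derive_keys(password, salt)
    expected = hmac.new(mac_key, salt + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("wrong password or modified file")
    return enc_key, body


if __name__ == "__main__":
    salt = secrets.token_bytes(SALT_LEN)
    _, mac_key = derive_keys("example passphrase", salt)
    ciphertext = secrets.token_bytes(48)  # constructed stand-in for IV + AES-CBC data
    blob = seal(mac_key, salt, ciphertext)
    print(open_verified("example passphrase", blob)[1] == ciphertext)
    tampered = blob[:20] + bytes([blob[20] ^ 1]) + blob[21:]
    try:
        open_verified("example passphrase", tampered)
    except ValueError as err:
        print("rejected:", err)
```

Verifying the tag before decrypting means attacker-modified ciphertext never reaches the CBC padding check.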