Encryption
Donnie Ashok edited this page Jan 28, 2024 · 1 revision
Finease now includes an advanced encryption feature designed to enhance the security of your financial data, especially when exporting it to external storage like Google Drive. This feature provides an additional layer of protection, ensuring your data remains secure against unauthorized access.
- Algorithm: Uses the Advanced Encryption Standard (AES) algorithm, known for its strong security and efficient performance.
- Mode: Operates in Cipher Block Chaining (CBC) mode, where each block is combined with the previous ciphertext block before it is encrypted, so identical blocks of data do not produce identical ciphertext.
- Generation: Encryption keys are generated using a secure, random process.
- Techniques: Combines hashing and salting techniques for robust key management, making keys unique and difficult to replicate or predict.
- HMAC: Implements Hash-Based Message Authentication Code (HMAC) to verify data integrity and authenticity, ensuring tamper detection.
- Navigate to Settings → Database.
- Turn on the Enable Encryption option.
- The feature automatically encrypts your database file during export.
- Uses the same password for decrypting the file during import.
- To decrypt the database file on your computer, follow the directions provided here.
- Strong Password: Ensure the use of a strong, unique password.
- Data Accessibility: When the app is in use, the data cannot be encrypted. If your phone is compromised, your data and password could be accessed by a third party.
- Database File Sharing: Sharing the unencrypted database file exposes your DB password.
- Password Loss: Forgetting your password can lead to irrecoverable data. Always maintain a backup of your password in a secure location.
- Password Security: Avoid sharing your password or storing it in insecure locations.
Below is a brief overview of the Dart code used for encryption and decryption:
- Uses SHA-1/HMAC/PBKDF2 for key derivation from the user-provided password.
- Salt is randomly generated to ensure key uniqueness.
- Employs AES/CBC/PKCS7 for encrypting files.
- The salt and encrypted data are written to the output file.
- Reads the salt from the file and derives the key.
- Decrypts the data using the derived key and writes to the output file.
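The steps above, combined with the HMAC check from the feature list, as an added sketch that is not Finease's own code. It assumes the `pointycastle` package; the file layout, iteration count, key split, HMAC-SHA256 tag and helper names are assumptions made for illustration, not values taken from the app.

```dart
import 'dart:convert';
import 'dart:math';
import 'dart:typed_data';
import 'package:pointycastle/export.dart';

// Assumed layout (not Finease's): salt(16) | iv(16) | ciphertext | HMAC-SHA256(32)
const saltLen = 16, ivLen = 16, tagLen = 32, iterations = 100000; // assumed values

Uint8List randomBytes(int n) => Uint8List.fromList(
    List<int>.generate(n, (_) => Random.secure().nextInt(256)));

// PBKDF2-HMAC-SHA1 -> 64 bytes: first 32 for AES-256, last 32 for the HMAC key.
Uint8List deriveKeys(String password, Uint8List salt) =>
    (KeyDerivator('SHA-1/HMAC/PBKDF2')..init(Pbkdf2Parameters(salt, iterations, 64)))
        .process(Uint8List.fromList(utf8.encode(password)));

Uint8List aesCbc(bool encrypt, Uint8List key, Uint8List iv, Uint8List data) =>
    (PaddedBlockCipher('AES/CBC/PKCS7')
          ..init(encrypt, PaddedBlockCipherParameters<CipherParameters, CipherParameters>(
              ParametersWithIV<KeyParameter>(KeyParameter(key), iv), null)))
        .process(data);
Uint8List hmacTag(Uint8List macKey, Uint8List data) =>
    (HMac(SHA256Digest(), 64)..init(KeyParameter(macKey))).process(data);

Uint8List encryptBlob(String password, Uint8List plain) {
  final salt = randomBytes(saltLen), iv = randomBytes(ivLen);
  final keys = deriveKeys(password, salt);
  final body = Uint8List.fromList(
      [...salt, ...iv, ...aesCbc(true, keys.sublist(0, 32), iv, plain)]);
  return Uint8List.fromList([...body, ...hmacTag(keys.sublist(32), body)]);
}

Uint8List decryptBlob(String password, Uint8List blob) {
  if (blob.length < saltLen + ivLen + 16 + tagLen) throw FormatException('too short');
  final body = blob.sublist(0, blob.length - tagLen);
  final keys = deriveKeys(password, body.sublist(0, saltLen));
  final expected = hmacTag(keys.sublist(32), body);
  var diff = 0; // compare every byte so timing does not reveal the mismatch position
  for (var i = 0; i < tagLen; i++) diff |= expected[i] ^ blob[body.length + i];
  if (diff != 0) throw StateError('HMAC mismatch: wrong password or modified file');
  return aesCbc(false, keys.sublist(0, 32), body.sublist(saltLen, saltLen + ivLen),
      body.sublist(saltLen + ivLen)); // decrypt only after the tag verifies
}

void main() {
  const pw = 'constructed-sample-passphrase'; // constructed sample input
  final blob = encryptBlob(pw, Uint8List.fromList(utf8.encode('constructed sample')));
  print(utf8.decode(decryptBlob(pw, blob)));
  blob[40] ^= 1; // flip one ciphertext bit to simulate tampering in storage
  try { decryptBlob(pw, blob); } on StateError catch (e) { print(e.message); }
}
```

Verifying the tag over salt, IV and ciphertext before any AES-CBC decryption means a modified export is rejected without the padding ever being processed.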