This repository has been archived by the owner on Apr 12, 2018. It is now read-only.
Cryptography details
Paul Feuvraux edited this page Dec 30, 2017 · 39 revisions
- PBKDF2 on 256 bits
- Galois/Counter mode
- GMAC
- 128 only
- The passphrase is defined by the user
- A random string is generated, let's call it CEK
- The CEK is encrypted under the passphrase
- The CEK is stored in the database
- The user types his passphrase
- Get the CEK
- Try to decrypt the CEK under the passphrase
- if fail --> bad passphrase
- if success --> store it locally
- Check if the CEK is stored locally (if not, log out the user)
- Generate salt on 128 bits
- Derive a key with PBKDF2 from the CEK and the salt (strengthened by a factor of 7000, with a 256-bit key size)
- Generate the initialization vector on 128 bits for every chunk
- Generate authentication data on 128 bits
- Use GCM, encrypt the chunk
- Encapsulate the authentication data + salt + initialization vector + encrypted content (= chunk)
- Do the inverse process
- Check if the CEK is stored locally (if not, log out the user)
- Encrypt the CEK under the new passphrase typed by the user
- Send the CEK to the servers to store it in the database
- Delete all the files and folders of the user
- Generate a new CEK
- Encrypt the CEK under the passphrase
- Send the CEK to the servers to store it in the database
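
The chunk encryption and inverse steps listed above, as an added Node.js example that is not the project's own code. It assumes HMAC-SHA-256 as the PBKDF2 PRF, reads the factor of 7000 as the iteration count, uses AES-256-GCM with the 256-bit derived key, and appends a 128-bit GCM tag to the encrypted content; all function names are hypothetical.

```javascript
// Added example, not the project's code. Assumptions: Node.js crypto module,
// HMAC-SHA-256 as the PBKDF2 PRF, "factor of 7000" read as 7000 iterations,
// and the 128-bit GCM tag appended after the ciphertext.
const nodeCrypto = require('crypto');

const SALT_LEN = 16, IV_LEN = 16, AAD_LEN = 16, TAG_LEN = 16; // 128 bits each
const ITERATIONS = 7000, KEY_LEN = 32;                        // 256-bit key

function deriveKey(cek, salt) {
  return nodeCrypto.pbkdf2Sync(cek, salt, ITERATIONS, KEY_LEN, 'sha256');
}

// Returns aad || salt || iv || ciphertext || tag for one chunk.
function encryptChunk(cek, chunk) {
  const salt = nodeCrypto.randomBytes(SALT_LEN);
  const iv = nodeCrypto.randomBytes(IV_LEN);   // fresh IV for every chunk
  const aad = nodeCrypto.randomBytes(AAD_LEN);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(cek, salt), iv,
                                           { authTagLength: TAG_LEN });
  cipher.setAAD(aad);
  const body = Buffer.concat([cipher.update(chunk), cipher.final()]);
  return Buffer.concat([aad, salt, iv, body, cipher.getAuthTag()]);
}

// Inverse process: split the fields, re-derive the key, verify the tag.
// Throws if the CEK is wrong or any byte of the packed chunk was altered.
function decryptChunk(cek, packed) {
  const minLen = AAD_LEN + SALT_LEN + IV_LEN + TAG_LEN;
  if (packed.length < minLen) throw new Error('chunk too short');
  let off = 0;
  const take = (n) => packed.subarray(off, (off += n));
  const aad = take(AAD_LEN), salt = take(SALT_LEN), iv = take(IV_LEN);
  const body = packed.subarray(off, packed.length - TAG_LEN);
  const tag = packed.subarray(packed.length - TAG_LEN);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKey(cek, salt), iv,
                                               { authTagLength: TAG_LEN });
  decipher.setAAD(aad);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(body), decipher.final()]);
}

// True only if the packed chunk authenticates under this CEK.
function chunkIsAuthentic(cek, packed) {
  try { decryptChunk(cek, packed); return true; } catch { return false; }
}
```

Because the salt feeds the key derivation and the authentication data and IV feed the GCM tag, a change to any field of the encapsulated chunk makes decryption fail rather than return altered plaintext.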
~~ coming soon ~~
Privacy will win.