From 316326ea1952eef35524afb0d3cedaf7c5ca342e Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Tue, 17 Mar 2020 21:42:46 -0400 Subject: [PATCH] clarification on encryption algorithm defaults --- static/build.html | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/static/build.html b/static/build.html index 79ea1a50..4f218b30 100644 --- a/static/build.html +++ b/static/build.html @@ -431,12 +431,13 @@ mv vendor/android-prepare-vendor/DEVICE/BUILD_ID/vendor/google_devices/* vendor/ your own information.

You should set a passphrase for the signing keys to keep them at rest until you - need to sign a release with them. By default, the keys are encrypted using scrypt for - key derivation and AES256 as the cipher. If you use swap, make sure it's encrypted, - ideally with an ephemeral key rather a persistent key to support hibernation. Even - with an ephemeral key, swap will reduce the security gained from encrypting the keys - since it breaks the guarantee that they become at rest as soon as the signing process - is finished. Consider disabling swap, at least during the signing process.

+ need to sign a release with them. The GrapheneOS scripts (make_key and + encrypt_keys.sh) encrypt the signing keys using scrypt for key derivation + and AES256 as the cipher. If you use swap, make sure it's encrypted, ideally with an + ephemeral key rather a persistent key to support hibernation. Even with an ephemeral + key, swap will reduce the security gained from encrypting the keys since it breaks the + guarantee that they become at rest as soon as the signing process is finished. + Consider disabling swap, at least during the signing process.

The encryption passphrase for all the keys generated for a device needs to match.
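Review bot: the added lines carry over the grammatical slip from the removed text, "ideally with an ephemeral key rather a persistent key"; since this hunk already rewrites that sentence, it should read "rather than a persistent key". A smaller documentation point on the same lines: "AES256 as the cipher" states the key size but not the mode of operation or whether the encrypted key files are integrity-protected, so a reader cannot tell from this page what the scripts actually guarantee; naming the mode (or pointing readers at make_key and encrypt_keys.sh, which are now cited by name, so they can check) would make the clarification complete.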