document metadata encryption

Daniel Micay 2020-12-24 22:53:31 -05:00
parent da9f17b2c8
commit d3da06814d


@ -337,8 +337,11 @@
<p>File data is encrypted with AES-256-XTS and file names with AES-256-CTS. A <p>File data is encrypted with AES-256-XTS and file names with AES-256-CTS. A
unique key is derived using HKDF-SHA512 for each regular file, directory and unique key is derived using HKDF-SHA512 for each regular file, directory and
symbolic link from the per-profile encryption keys, or the device encryption symbolic link from the per-profile encryption keys, or the device encryption
key for non-sensitive data stored outside of profiles. GrapheneOS increases key for non-sensitive data stored outside of profiles. The directory key is
the file name padding from 16 bytes to 32 bytes.</p> used to encrypt the file names. GrapheneOS increases the file name padding
from 16 bytes to 32 bytes. AES-256-XTS with the device encryption key is also
used to encrypt filesystem metadata as a whole beyond the finer-grained file
name encryption.</p>
<p>The OS derives a password token from the profile's lock method credential <p>The OS derives a password token from the profile's lock method credential
using scrypt. This is used as the main input for key derivation.</p> using scrypt. This is used as the main input for key derivation.</p>
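Review bot: the added final sentence of the paragraph (the new lines ending "name encryption.</p>") reuses the term "the device encryption key" for the whole-filesystem metadata layer, while the same paragraph already uses "the device encryption key" for per-file encryption of non-sensitive data outside profiles; if the metadata layer is keyed separately from the per-file device encryption key, name it distinctly (e.g. "A separate metadata encryption key, also used with AES-256-XTS, ...") so readers do not conclude that one key serves both layers, and if it is the same key, say so explicitly. Two smaller points on the same lines: "filesystem metadata as a whole" is defined only by contrast with file name encryption, so consider stating what it covers (the filesystem contents not protected by the per-file layer) rather than leaving it implicit, and "beyond the finer-grained file name encryption" reads awkwardly; something like "in addition to the per-file encryption of file contents and names described above" keeps the meaning and is easier to parse. The inserted sentence "The directory key is used to encrypt the file names." is clear as written, though it would sit more naturally directly after the sentence that introduces the per-directory key derivation rather than after the sentence about data outside profiles.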