Provide an overview over key derivations
This commit is contained in:
parent
d6a95e40ec
commit
012bdefb6b
1 changed files with 20 additions and 0 deletions
|
@ -220,6 +220,26 @@ followed by a second type byte depending on the type of file written:
|
||||||
The chunk ID and the backup snapshot timestamp get added
|
The chunk ID and the backup snapshot timestamp get added
|
||||||
to prevent an attacker from renaming and swapping files/chunks.
|
to prevent an attacker from renaming and swapping files/chunks.
|
||||||
|
|
||||||
|
## Key derivation overview
|
||||||
|
|
||||||
|
The original entropy comes from a BIP39 seed (12 words = 128 bit size)
|
||||||
|
obtained from Java's `SecureRandom`.
|
||||||
|
A PBKDF SHA512 based derivation defined in BIP39 turns this into a 512 bit seed key.
|
||||||
|
|
||||||
|
The derived seed key (512 bit size) gets split into two parts:
|
||||||
|
1. app data encryption key - 256 bit - first half of seed key
|
||||||
|
* used to encrypt app data retrieved from AOSP
|
||||||
|
* locked in Android's key store for this usage
|
||||||
|
* device needs to be unlocked for decryption
|
||||||
|
* usage deprecated, should not be used for other operations
|
||||||
|
2. main key - 256 bit - second half of seed key used to derive application specific keys:
|
||||||
|
1. HKDF with info "stream key"
|
||||||
|
* this stream key is then used to derive a new key for each stream
|
||||||
|
* the tink library will create various new subkeys based on salt/nonce/counter
|
||||||
|
2. HKDF with info "Chunk ID calculation"
|
||||||
|
* used to generate deterministic hashes (HMAC-SHA256) over the chunk contents
|
||||||
|
without leaking information about the file contents to third parties
|
||||||
|
|
||||||
# Data structures
|
# Data structures
|
||||||
|
|
||||||
## Local caches
|
## Local caches
|
||||||
|
|
Loading…
Reference in a new issue