# Cryptography
A brief overview of the cryptography used.
# General
All cryptography is based on NaCl (https://nacl.cr.yp.to).
Secret key cryptography is based on: XSalsa20 + Poly1305
Public key cryptography is based on: Curve25519 + XSalsa20 + Poly1305
The authkey derivation function is based on scrypt.
# Cryptography libraries
Our web clients (websites and browser extensions) use ecma-nacl, a JavaScript implementation of NaCl.
Our backends (server and fileserver) use PyNaCl.
Our apps (Android and iOS) use flutter_sodium and Swift-Sodium.
# Scrypt libraries
The scrypt library used by our backends (server and fileserver) is scrypt.
The scrypt library used by our web clients (websites and browser extensions) is already part of ecma-nacl.
The scrypt library used by our apps (Android and iOS) is pointycastle.
# Authkey Algorithm
The authkey is generated with the following algorithm / scrypt parameters:
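```javascript
var generate_authkey = function (username, password) {
    // The salt is derived from the lower-cased username, so it is
    // deterministic per user and independent of username casing.
    var salt = sha512(username.toLowerCase());
    var u = 14; // cost exponent: N = 2^14, about 16 MB of memory with r = 8
    var r = 8;  // block size
    var p = 1;  // parallelization
    var l = 64; // output length: 64 bytes = 512 bits
    // The derived key is returned hex encoded.
    var authkey = to_hex(scrypt(encode_utf8(password), salt, u, r, p, l));
    return authkey;
};
```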
# Registration Process
The following diagram outlines the registration process and shows how the user's keys are generated and stored.
# Login Process
The following diagram outlines the login process. It shows how the signature of the server is checked, how the authentication key is generated, and how the whole session creation, including multifactor challenges, is handled.
# Secret: Create
The following diagram outlines how a secret, e.g. a note or a website password entry, is created, encrypted and stored in the user's datastore.
# Fileserver: File upload
The following diagram outlines the upload process to fileservers. It shows how a file is split into chunks, and the whole communication between the server and the fileserver.
# Fileserver: File download
The following diagram outlines the download process from fileservers. It shows how the various chunks of a file are downloaded, decrypted and merged, and the whole communication between the server and the fileserver.
# Fileserver: File delete
The following diagram outlines the deletion process of files with fileservers. It shows the whole communication between the server and the fileserver.