Decouple key derivation from vault format #95

Closed
overheadhunter opened this issue Nov 20, 2020 · 0 comments · Fixed by #96

overheadhunter commented Nov 20, 2020

In order to allow features like externally managed masterkeys (#7), we need to distinguish key derivation from vault decryption. If key derivation is a separate process that feeds into the decryption, it can be replaced by other modules that produce raw keys.

We'd need two different files:

  • masterkey.cryptomator
    • contains the KDF-related params
    • contains a fake vault version of 999 (to prevent older versions from opening this vault)
  • vault.cryptomator
    • specifies what key to use
    • contains the real vault version
    • may contain other configuration params such as the cipher config (see Encrypt file contents using GCM #94) or a shortening threshold
    • is a JWT signed with HS256 using the 512 bit raw masterkey to prevent downgrade attacks (note: HMAC-SHA256 uses 512 bit block size, so a 512 bit key is the maximum possible key without the hash function weakening it)

Migration

To migrate from vault version 7 to vault version 8, the following steps are required:

  1. read old masterkey.cryptomator (vault format should still be 7)
  2. derive key; concat old encKey + hmacKey to single 512 bit raw masterkey
  3. write vault.cryptomator in JWT format
  4. write new masterkey.cryptomator
    • set version to 999 (to prevent older versions from attempting to unlock this)
    • keep all other params

Opening a vault with format 8

  1. decode vault.cryptomator
  2. read kid header and, depending on its value, retrieve the masterkey from the user/system/keystore/...
  3. verify the JWT signature (or throw "wrong key" exception)
  4. make sure format is supported
  5. init cryptor with correct ciphercombo
  6. construct file system
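
Steps 1 to 4 of the opening procedure above, as an added example that is not part of the original issue or the project's code. It is a standard-library Python sketch of reading `vault.cryptomator` as an HS256 JWT keyed with the 512 bit raw masterkey. The claim name `format`, the `key_loader` callback and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

SUPPORTED_FORMATS = {8}  # vault formats this sketch accepts


def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def sign_vault_config(claims: dict, kid: str, masterkey: bytes) -> str:
    """Migration step 3: serialise the config as an HS256-signed JWT."""
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims))
    mac = hmac.new(masterkey, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)


def open_vault_config(token: str, key_loader) -> dict:
    """Opening steps 1-4: decode, load key by kid, verify, check format."""
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:  # wrong part count, bad base64 or bad JSON
        raise ValueError("malformed vault config") from exc
    # Pin the algorithm: the token must not be able to select "none".
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected JWT algorithm")
    masterkey = key_loader(header.get("kid"))  # kid only selects the key source
    if len(masterkey) != 64:
        raise ValueError("expected a 512 bit raw masterkey")
    expected = hmac.new(masterkey, f"{header_b64}.{claims_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise PermissionError("wrong key or tampered vault config")
    # Claims are parsed and trusted only after the signature check.
    claims = json.loads(b64url_decode(claims_b64))
    if claims.get("format") not in SUPPORTED_FORMATS:
        raise ValueError("unsupported vault format")
    return claims
```

Because the format claim is covered by the MAC, rewriting it to an older version without the masterkey fails at the signature check instead of reaching the format check.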
@overheadhunter overheadhunter added this to the 1.10.0 milestone Nov 20, 2020
@overheadhunter overheadhunter self-assigned this Nov 20, 2020
overheadhunter added a commit that referenced this issue Nov 20, 2020
overheadhunter added a commit that referenced this issue Nov 25, 2020
* Remove methods from CryptoFileSystemProvider that deal with password handling or key derivation (will be added to CryptoLib)
* Added generic `KeyLoader` interface to allow usage of keys from other sources than just password-based
* Added `VaultConfiguration` to deal with `vault.cryptomator` files

Related to #7, #95 and #94
@overheadhunter overheadhunter modified the milestones: 1.10.0, 2.0.0 Nov 25, 2020