Architecture :: Encryption
The server and the core networking/routing expect only encrypted data to be exchanged, therefore these components will not attempt to interpret it. For security, client services must ensure all outgoing user data is encrypted before being transferred.
The Linux/macOS client uses AES with GCM (AES/GCM/NoPadding) for encrypting and decrypting three types of data:
Each file that is found to have changed is first compressed then encrypted with its own encryption key, before being sent to the server. If a file is above a certain size, after it is compressed, it is split into smaller chunks (see limitations); each one of those chunks has a unique encryption key.
File metadata is collected at the start of a backup process; at the end of it, the metadata is serialized and encrypted with its own encryption key; it is then sent to the server.
Device secrets are used to derive crypto material for the encryption and decryption of files and metadata. When at rest (stored on the local device), the device secret is encrypted with a key derived from the user's password.
Various suggestions exist about the maximum number of bytes that can be encrypted. The limit for the client is set to 4 GB, which is considerably less than any of the suggestions. It also seems like a reasonable maximum chunk size, as each one of these chunks is one crate/upload to the server.
The actual limit for each chunk is configurable via stasis.client.ops.backup.max-part-size and is by default also 4 GB; regardless of the value of that parameter, the limit set in AES.scala cannot be exceeded.
For more information, see https://crypto.stackexchange.com/q/31793 and https://crypto.stackexchange.com/q/44113
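The per-chunk keys and the size ceiling described above, as an added example that is not the project's own code: each part of an already-compressed file is sealed with AES/GCM/NoPadding under its own key, and a modified part or a mismatched key is rejected on decryption. Assumptions: the object and function names, the HMAC-SHA256 key derivation, the IV || ciphertext || tag layout, the file name and the 64-byte part size are all hypothetical and chosen for illustration.

```scala
import java.security.SecureRandom
import javax.crypto.{Cipher, Mac}
import javax.crypto.spec.{GCMParameterSpec, SecretKeySpec}
import scala.util.Try

object PartEncryptionExample {
  val HardLimit: Long = 4L * 1024 * 1024 * 1024 // the 4 GB ceiling described above
  private val random = new SecureRandom()

  // A configured part size can lower the limit but never raise it.
  def effectivePartSize(configured: Long): Long = math.min(configured, HardLimit)

  // Assumption: HMAC-SHA256 over "file#part" stands in for the client's real key derivation.
  def partKey(deviceSecret: Array[Byte], file: String, part: Int): SecretKeySpec = {
    val mac = Mac.getInstance("HmacSHA256")
    mac.init(new SecretKeySpec(deviceSecret, "HmacSHA256"))
    new SecretKeySpec(mac.doFinal(s"$file#$part".getBytes("UTF-8")), "AES")
  }

  // Output layout (an assumption of this example): 12-byte IV || ciphertext || 16-byte tag.
  def encrypt(key: SecretKeySpec, plain: Array[Byte]): Array[Byte] = {
    val iv = new Array[Byte](12)
    random.nextBytes(iv) // fresh random IV for every part
    val cipher = Cipher.getInstance("AES/GCM/NoPadding")
    cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv))
    iv ++ cipher.doFinal(plain)
  }

  def decrypt(key: SecretKeySpec, part: Array[Byte]): Array[Byte] = {
    val (iv, body) = part.splitAt(12)
    val cipher = Cipher.getInstance("AES/GCM/NoPadding")
    cipher.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, iv))
    cipher.doFinal(body) // throws AEADBadTagException on a modified part or wrong key
  }

  def main(args: Array[String]): Unit = {
    val secret = Array.fill[Byte](32)(7) // constructed device secret
    val name = "a.bin" // constructed file name
    val data = Array.tabulate[Byte](300)(i => (i * 31 % 251).toByte) // constructed compressed file
    val size = effectivePartSize(64L).toInt // tiny part size so the sample splits into 5 parts
    val enc = data.grouped(size).zipWithIndex.map { case (p, i) => encrypt(partKey(secret, name, i), p) }.toVector
    val dec = enc.zipWithIndex.flatMap { case (e, i) => decrypt(partKey(secret, name, i), e) }.toArray
    val tampered = enc.head.updated(20, (enc.head(20) ^ 1).toByte) // flip one ciphertext bit
    println(s"parts=${enc.size} roundtrip=${java.util.Arrays.equals(dec, data)}")
    println(s"clamped=${effectivePartSize(8L * 1024 * 1024 * 1024) == HardLimit}")
    println(s"tampered rejected=${Try(decrypt(partKey(secret, name, 0), tampered)).isFailure}")
    println(s"wrong key rejected=${Try(decrypt(partKey(secret, name, 1), enc.head)).isFailure}")
  }
}
```

A JVM byte array cannot hold a full 4 GB part, so a real client would process parts as streams rather than in memory as this example does.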