Skip to content

Commit 466726d

Browse files
tobihagemanntobihagemann
committed
Merge branch 'develop'
2 parents fc80138 + 61c285f commit 466726d

File tree

2 files changed

+5
-5
lines changed

2 files changed

+5
-5
lines changed

docs/security/architecture.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -121,7 +121,7 @@ wrappedEncryptionMasterKey := aesKeyWrap(encryptionMasterKey, kek)
121121
wrappedMacMasterKey := aesKeyWrap(macMasterKey, kek)
122122
```
123123

124-
<Image src="/img/security/key-derivation.png" srcset="/img/security/key-derivation.png 1x, /img/security/key-[email protected] 2x" alt="KEK Derivation" width="336" height="71" style={{backgroundColor: '#ffffff', borderRadius: 'var(--ifm-global-radius)', padding: 'var(--ifm-pre-padding)'}} />
124+
<Image src="/img/security/key-derivation.png" srcset="/img/security/key-derivation.png 1x, /img/security/key-[email protected] 2x" alt="KEK Derivation" width="336" height="71" style={{backgroundColor: '#ffffff', borderRadius: 'var(--ifm-global-radius)', padding: 'var(--ifm-pre-padding)', boxSizing: 'content-box'}} />
125125

126126
The wrapped keys and the parameters needed to derive the KEK are then stored as integers or Base64-encoded strings in a JSON file named `masterkey.cryptomator`, which is located in the root directory of the vault.
127127

@@ -139,4 +139,4 @@ The wrapped keys and the parameters needed to derive the KEK are then stored as
139139

140140
When unlocking a vault the KEK is used to unwrap (i.e. decrypt) the stored masterkeys.
141141

142-
<Image src="/img/security/masterkey-decryption.png" srcset="/img/security/masterkey-decryption.png 1x, /img/security/masterkey-[email protected] 2x" alt="Masterkey Decryption" width="439" height="200" style={{backgroundColor: '#ffffff', borderRadius: 'var(--ifm-global-radius)', padding: 'var(--ifm-pre-padding)'}} />
142+
<Image src="/img/security/masterkey-decryption.png" srcset="/img/security/masterkey-decryption.png 1x, /img/security/masterkey-[email protected] 2x" alt="Masterkey Decryption" width="439" height="200" style={{backgroundColor: '#ffffff', borderRadius: 'var(--ifm-global-radius)', padding: 'var(--ifm-pre-padding)', boxSizing: 'content-box'}} />

docs/security/vault.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -24,7 +24,7 @@ cleartextPayload := 0xFFFFFFFFFFFFFFFF . contentKey
2424
ciphertextPayload, tag := aesGcm(cleartextPayload, encryptionMasterKey, headerNonce)
2525
```
2626

27-
<Image src="/img/security/file-header-encryption.png" srcset="/img/security/file-header-encryption.png 1x, /img/security/file-[email protected] 2x" alt="File Header Encryption" width="433" height="199" style={{backgroundColor: '#ffffff', borderRadius: 'var(--ifm-global-radius)', padding: 'var(--ifm-pre-padding)'}} />
27+
<Image src="/img/security/file-header-encryption.png" srcset="/img/security/file-header-encryption.png 1x, /img/security/file-[email protected] 2x" alt="File Header Encryption" width="433" height="199" style={{backgroundColor: '#ffffff', borderRadius: 'var(--ifm-global-radius)', padding: 'var(--ifm-pre-padding)', boxSizing: 'content-box'}} />
2828

2929
*Random per file change
3030

@@ -54,7 +54,7 @@ for (int i = 0; i < length(cleartextChunks); i++) {
5454
ciphertextFileContent := join(ciphertextChunks[])
5555
```
5656

57-
<Image src="/img/security/file-content-encryption.png" srcset="/img/security/file-content-encryption.png 1x, /img/security/file-[email protected] 2x" alt="File Content Encryption" width="782" height="195" style={{backgroundColor: '#ffffff', borderRadius: 'var(--ifm-global-radius)', padding: 'var(--ifm-pre-padding)'}} />
57+
<Image src="/img/security/file-content-encryption.png" srcset="/img/security/file-content-encryption.png 1x, /img/security/file-[email protected] 2x" alt="File Content Encryption" width="782" height="195" style={{backgroundColor: '#ffffff', borderRadius: 'var(--ifm-global-radius)', padding: 'var(--ifm-pre-padding)', boxSizing: 'content-box'}} />
5858

5959
*Random per chunk change
6060

@@ -94,7 +94,7 @@ Cryptomator uses [AES-SIV](https://tools.ietf.org/html/rfc5297) to encrypt names
9494
The directory ID of the parent folder is passed as associated data.
9595
This prevents undetected movement of files between directories.
9696

97-
<Image src="/img/security/filename-encryption.png" srcset="/img/security/filename-encryption.png 1x, /img/security/filename-[email protected] 2x" alt="Filename Encryption" width="614" height="220" style={{backgroundColor: '#ffffff', borderRadius: 'var(--ifm-global-radius)', padding: 'var(--ifm-pre-padding)'}} />
97+
<Image src="/img/security/filename-encryption.png" srcset="/img/security/filename-encryption.png 1x, /img/security/filename-[email protected] 2x" alt="Filename Encryption" width="614" height="220" style={{backgroundColor: '#ffffff', borderRadius: 'var(--ifm-global-radius)', padding: 'var(--ifm-pre-padding)', boxSizing: 'content-box'}} />
9898

9999
*Unencrypted directory ID of the parent dir [as described above](#directory-ids)
100100

0 commit comments

Comments
 (0)