Overview
DRACOON uses a hybrid cryptosystem for its client-side encryption, i.e. a combination of symmetric and asymmetric cryptography.
Each user owns an asymmetric key pair that has been created on the client side. The private key is encrypted with a password and uploaded alongside the public key to DRACOON.
When uploading a file, the plain data is encrypted symmetrically with a newly generated random key ("FileKey"). The FileKey is then encrypted asymmetrically with the authorized users' public keys. Each of these encrypted copies is referred to as a "UserFileKey", since it represents the FileKey encrypted for one specific user.
Downloading a file reverses the described process: The user's private key is downloaded and decrypted with the user's password. The decrypted private key decrypts the UserFileKey so that the plain FileKey is available. During the last step, the FileKey is used to decrypt the file.
Versioning
To facilitate the use of different crypto algorithms and key lengths, we introduced crypto versions.
Symmetric and asymmetric crypto operations are versioned separately.
The currently used crypto versions are:
- FileKey algorithms:
  - A (discouraged)
  - RSA-4096/AES-256-GCM
- KeyPair algorithms:
  - A (discouraged)
  - RSA-4096
Key pair algorithms
Each user owns a key pair that needs to be created on the client side.
Version A (discouraged)
KeyPair version A uses 2048-bit RSA keys. Both keys – private key and public key – are stored separately in PKCS#8 format. Please note that the private key needs to be encrypted with a passphrase.
Version RSA-4096
KeyPair version RSA-4096 uses 4096-bit RSA keys. Both keys – private key and public key – are stored separately in PKCS#8 format. Please note that the private key needs to be encrypted with a passphrase.
File key algorithms
Files are encrypted with a randomly generated key ("FileKey") on the client side.
Version A
Symmetric version A uses AES-256-GCM to encrypt files. This crypto algorithm provides additional authentication information ("authentication tag") that is used to detect manipulated files. The symmetric secret FileKey is encrypted with a user's public 2048-bit RSA key. Version A uses OAEP padding (hash function: SHA-256, MGF: SHA-1).
RSA-4096/AES-256-GCM
Symmetric version RSA-4096/AES-256-GCM uses AES-256-GCM to encrypt files. This crypto algorithm provides additional authentication information ("authentication tag") that is used to detect manipulated files. The symmetric secret FileKey is encrypted with a user's public 4096-bit RSA key. Version RSA-4096/AES-256-GCM uses OAEP padding (hash function: SHA-256, MGF: SHA-256).
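The upload and download flow from the overview, with the OAEP parameters of the RSA-4096/AES-256-GCM version, as an added Node.js example that is not DRACOON's own code. The function names, the 12-byte IV, the aes-256-cbc private-key cipher and the SPKI public-key export are assumptions that this article does not specify.

```javascript
// Added example, not DRACOON SDK code. Function names, the 12-byte IV, the
// aes-256-cbc private-key cipher and SPKI public-key export are assumptions.
const crypto = require('node:crypto');

// Client-side key pair; the private key leaves the client only as encrypted PKCS#8.
function createUserKeyPair(password) {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: 4096,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase: password },
  });
}

// OAEP as in the RSA-4096/AES-256-GCM version: Node applies oaepHash to the hash and to MGF1.
const oaep = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Upload: encrypt with a fresh random FileKey, then wrap it once per authorized user.
function encryptForUsers(plain, publicKeys) {
  const fileKey = crypto.randomBytes(32); // AES-256 FileKey
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', fileKey, iv);
  const data = Buffer.concat([cipher.update(plain), cipher.final()]);
  const userFileKeys = publicKeys.map((key) => crypto.publicEncrypt({ key, ...oaep }, fileKey));
  return { data, iv, tag: cipher.getAuthTag(), userFileKeys };
}

// Download: password -> private key -> FileKey -> plain data.
function decryptAsUser(file, userFileKey, encryptedPrivateKey, password) {
  const fileKey = crypto.privateDecrypt({ key: encryptedPrivateKey, passphrase: password, ...oaep }, userFileKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', fileKey, file.iv);
  decipher.setAuthTag(file.tag);
  return Buffer.concat([decipher.update(file.data), decipher.final()]); // final() throws on tag mismatch
}

// Constructed sample run: two users, one ciphertext, one flipped ciphertext bit.
function demo() {
  const users = [createUserKeyPair('alice-pw'), createUserKeyPair('bob-pw')];
  const file = encryptForUsers(Buffer.from('quarterly report'), users.map((u) => u.publicKey));
  const alice = decryptAsUser(file, file.userFileKeys[0], users[0].privateKey, 'alice-pw').toString();
  const bob = decryptAsUser(file, file.userFileKeys[1], users[1].privateKey, 'bob-pw').toString();
  const tampered = { ...file, data: Buffer.from(file.data) };
  tampered.data[0] ^= 1;
  let tamperDetected = false;
  try { decryptAsUser(tampered, file.userFileKeys[0], users[0].privateKey, 'alice-pw'); } catch { tamperDetected = true; }
  return { alice, bob, tamperDetected, wrappedLength: file.userFileKeys[0].length };
}
```

Version A cannot be reproduced with this `oaep` object, because Node's `oaepHash` option does not let the MGF1 digest (SHA-1 in version A) differ from the OAEP hash.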