A short documentation

This isn't a full documentation, but it's at least a documentation note. It is intended to help interested persons better evaluate the security of the PEAs. Hints on the source code are in square brackets.

Cryptographic functions used:

  • As hash function: Blake2b (default) and SHA-3, both with 512 bit output [class HashStuff]
  • As ciphers Threefish-512 (default) and AES-256, both in EAX mode [classes CipherStuff, EAXMode]
  • As password based key derivation funktions Catena-Dragonfly (FULL) with garlic 18 and lambda 2 (default) and Argon2id with memory 512 KiB, iterations 3 and parallelism (lanes) 4. The parameters can be changed. The following instances are also selectable (each also with configurable parameters):
    • Catena-Dragonfly (FAST) with round-reduced hash function
    • Catena-Butterfly (FULL)
    • Catena-Butterfly (FAST) with round-reduced hash function
    • Argon2d
    • Argon2i
    [PeaControl.deriveKeyFromPsw(), KeyDerivation.deriveKey(), CatenaKDF.performKDF(), Argon2KDF.performKDF()]

Other Properties

Salt size is 32 bytes. It is read in from a file or for cloud files from the properties that are stored for this cloud.

A pre-hash is performed before the actual derivation of the password. If the PEA has a key file property, an unique compiled random value is hashed with the password here, otherwise a fixed string is used.

Random values (salt, nonce, key files...) are generated by an internal generator that includes also key strokes and mouse events of graphical user interfaces and the Java thread schedule in addition to the system random number generator. See: EntropyPool on GitHub

Key files that are generated are 128 bytes long. Key files are processed by HKDF after deriving the key from the password. [classes KeyFileHandler, KeyFileDialogs]

The derived key for decryption is kept encrypted with multiple session keys in memory to protect the key from memory dumps, cold boot attacks other memory disclosure attacks, or swap outs. This protection is not absolute. [classes CipherStuff, SessionKeyCrypt]

Check if a file is encrypted with a PEA:
  1. It is checked whether the file contains the plain string "PFACTORY" (version 1) or "PEA-VE-2" (version 2) at the end.
  2. It is checked whether the file before it contains the corresponding algorithm parameter string.
  3. The salt is read in and compared with the one from the key derivation.
  4. It checks if the file contains the encrypted string "_PEA_FACTORY_ID_". This is the actual check of the password or key file. [Attachments.checkPswIdentifier()]
  5. Then the file is decrypted and its integrity is checked.

If files are to be securely deleted (File Lock PEA), the contents are overwritten block by block first with zeros, then with the value 0xFF and finally with a random number. [FileTools.secureWipe()]