File format

Vault file format

A DVault vault is a zip file.

You can use any zip tool to unzip the vault and inspect the contents.

Each file added to the vault is individually encrypted, so if need be, you can extract a single file from a vault.

If you encrypt a single file called 'important.txt' to a vault the structure of the vault file is:

dvault lock important.txt
> Stored and locked in imporant.txt.vault

Contents of important.txt.vault

/.dvault
/encrypted/important.txt

The .dvault file contains the keys used to encrypt/decrypt the contents of the vault and are protected by your passphrase.

If you add an entire directory to a vault the contents would be:

dvault unlocked /home
> Unlocked to home.vault

Contents of home.vault

/.dvault
/encrypted/home/fileone.txt
/encrypted/home/filetwo.txt
...

If the vault was created with the --share option then the contents of the file changes:

dvault encrypt --share important.txt
> Unlocked to  imporant.txt.vault

Contents of important.txt.vault

/.dvault
/.shared
/encrypted/important.txt

The presense of the .shared file tells DVault that this file has been shared between two parties and uses a single use passphrase. The decryption process is essentially the same however the messages displayed to the user change to provide some additional guidance to the reciever of the vault.

.dvault format

The .dvault file is stored in your home directory and copied into each vault that you create.

version:1
salt: <passphrase salt>
passphrase_hash: <hash of passphrase>
iv:<IV>
---- BEGIN DVAULT PRIVATE KEY ----
 <encrypted private key>
---- END DVAULT PRIVATE KEY ----

---- BEGIN DVAULT PUBLIC KEY ----
 <contents of public key>                    
---- END DVAULT PUBLIC KEY ----

PreviousReporting Security Issues NextTechnical details

Last updated 4 years ago

Was this helpful?

File format

Vault file format

A DVault vault is a zip file.

You can use any zip tool to unzip the vault and inspect the contents.

Each file added to the vault is individually encrypted, so if need be, you can extract a single file from a vault.

If you encrypt a single file called 'important.txt' to a vault the structure of the vault file is:

dvault lock important.txt
> Stored and locked in imporant.txt.vault

Contents of important.txt.vault

/.dvault
/encrypted/important.txt

The .dvault file contains the keys used to encrypt/decrypt the contents of the vault and are protected by your passphrase.

If you add an entire directory to a vault the contents would be:

dvault unlocked /home
> Unlocked to home.vault

Contents of home.vault

/.dvault
/encrypted/home/fileone.txt
/encrypted/home/filetwo.txt
...

If the vault was created with the --share option then the contents of the file changes:

dvault encrypt --share important.txt
> Unlocked to  imporant.txt.vault

Contents of important.txt.vault

/.dvault
/.shared
/encrypted/important.txt

.dvault format

The .dvault file is stored in your home directory and copied into each vault that you create.

The .dvault file contains the RSA Keys and a salted copy of your passphrase. The RSA Private key is encrypted using your passphrase using AES as described in the section.

version:1
salt: <passphrase salt>
passphrase_hash: <hash of passphrase>
iv:<IV>
---- BEGIN DVAULT PRIVATE KEY ----
 <encrypted private key>
---- END DVAULT PRIVATE KEY ----

---- BEGIN DVAULT PUBLIC KEY ----
 <contents of public key>                    
---- END DVAULT PUBLIC KEY ----

PreviousReporting Security Issues NextTechnical details

Last updated 4 years ago

Was this helpful?