Technical details

Technical details

DVault is intended to be encryption for everyone so we try to avoid technical terminology when describing how DVault works.

But for those that care, we provide the following details on how DVault works.

DVault init generates an RSA key pair which is stored in ~/.dvault.

On Linux and OSX the file permissions is set to 600. On Windows: TODO what do we do on windows?

The private key is encrypted using a 128 bit AES key derived from the entered passphrase. The passphrase is stretched to the full 128 bits with the following algorithm.

The specific algorithm is:

  class StrongKey extends Key {
  StrongKey.fromPassPhrase(String passPhrase) : super.fromUtf8(passPhrase);

  Key secureStretch(Uint8List salt) {
    return stretch(256, iterationCount: 100000, salt: salt);
  }

  @override
  Key stretch(int desiredKeyLength, {int iterationCount = 100, Uint8List salt}) {
    final params = Pbkdf2Parameters(salt, iterationCount, desiredKeyLength);
    final pbkdf2 = PBKDF2KeyDerivator(Mac('SHA-512/HMAC'))..init(params);

    return Key(pbkdf2.process(bytes));
  }

  static Uint8List get generateSalt => SecureRandom(256).bytes;
}

DVault is based on pointycastle which is a Dart port of the bouncycastle java encryption library.

The DVault code is open source and can be viewed at: dvault.