Tusky Encryption
In this overview of Tusky's encryption, we cover cryptographic primitives used, encryption flows, private key backup and recovery, and future work on quantum resistance.
All data exchanged within private vaults in Tusky is end-to-end encrypted. In other words, everything is encrypted locally, before it ever leaves your device.
We use industry-standard algorithms to perform all cryptographic operations.
Cryptographic primitives
Cryptographic primitives are the basic building blocks of cryptography, consisting of methods used to achieve specific security goals like confidentiality, integrity, and authentication.
Symmetric encryption
A cryptographic method where the same key is used for both encryption and decryption. It is efficient and suitable for encrypting large amounts of data but requires secure key sharing between parties.
Role in Tusky: Used with Data Encryption Keys (DEKs), the keys that encrypt the actual data exchanged within Tusky.
Algorithm used: AES with Galois/Counter Mode (AES-GCM)
Asymmetric encryption
A cryptographic method that uses a pair of keys - a public key for encryption and a private key for decryption. It enables secure communication without pre-shared keys.
Role in Tusky: Used with Vault and User Key Pairs, the key pairs that manage data access control. The Vault Key Pair encrypts/decrypts DEKs, and the User Key Pair encrypts/decrypts Vault Private Keys.
Algorithm used: X25519 - an elliptic curve Diffie-Hellman key exchange using Curve25519.
Key derivation function
A function used to derive a strong and cryptographically secure key from a less secure source, such as a password.
Role in Tusky: Used with the Password Key, a key derived from the user's password that encrypts the User Private Key.
Algorithm used: PBKDF2 with HMAC-SHA-256
Encryption flows
User signup
- User Key Pair is generated on the client
- Password Key is derived from the user-provided password
- User Private Key is encrypted with Password Key and securely stored on Tusky server
User login
- Once the user has authenticated, the encrypted User Private Key is retrieved from Tusky server
- User provides their password and derives Password Key
- User decrypts their User Private Key locally using Password Key
Private vault creation
- The user generates Vault Key Pair
  - Vault Public Key - used to encrypt DEKs
  - Vault Private Key - used to decrypt DEKs
- The user encrypts Vault Private Key with User Public Key
Sharing private vault
- The Vault Private Key is encrypted with the invited member's public key (their personal User Public Key)
- The encrypted Vault Private Key is shared with the invited member
- The member can decrypt Vault Private Key by using their personal User Private Key
Revoking access to the private vault
- a new Vault Key Pair is generated - Vault Private Key & Vault Public Key
- the new Vault Private Key is encrypted for all active members
- all data exchanged in the vault is henceforth encrypted with the new Vault Public Key
Sharing and accessing the data within the private vault
- To share data, a fresh DEK is generated and used to encrypt the data
- The DEK is encrypted with the current Vault Public Key
- Any user with access to the corresponding Vault Private Key can decrypt the DEK and use the DEK to decrypt the actual data
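The DEK flow above, as an added example using Node.js's built-in crypto module; it is not Tusky's code. The page names X25519 and AES-GCM but not how the DEK is encrypted to the Vault Public Key, so the ephemeral X25519 exchange, the HKDF-SHA-256 step, the blob layout and all function names here are assumptions.

```javascript
const { randomBytes, generateKeyPairSync, createPublicKey, diffieHellman,
        hkdfSync, createCipheriv, createDecipheriv } = require('node:crypto');

// AES-256-GCM helpers. The blob layout iv(12) || tag(16) || ciphertext is assumed.
function aesGcmSeal(key, plaintext) {
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]);
}

function aesGcmOpen(key, blob) {
  const decipher = createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
}

// Assumed construction: X25519 shared secret -> HKDF-SHA-256 -> AES key wrapping the DEK.
// The ephemeral public key is used as the HKDF salt, tying the wrap key to this exchange.
function wrapKeyFrom(privateKey, publicKey, ephemeralPublicDer) {
  const shared = diffieHellman({ privateKey, publicKey });
  return Buffer.from(hkdfSync('sha256', shared, ephemeralPublicDer, 'example-dek-wrap', 32));
}

// Sender: fresh DEK per item, data encrypted with the DEK, DEK encrypted to the vault.
function shareData(vaultPublicKey, data) {
  const dek = randomBytes(32);
  const ephemeral = generateKeyPairSync('x25519');
  const ephemeralPublicDer = ephemeral.publicKey.export({ type: 'spki', format: 'der' });
  const wrapKey = wrapKeyFrom(ephemeral.privateKey, vaultPublicKey, ephemeralPublicDer);
  return { ephemeralPublicDer, wrappedDek: aesGcmSeal(wrapKey, dek), ciphertext: aesGcmSeal(dek, data) };
}

// Member: recompute the wrap key with the Vault Private Key, unwrap the DEK, decrypt.
// Throws if the key is not the one the item was encrypted to, or the item was modified.
function readData(vaultPrivateKey, item) {
  const ephemeralPublic = createPublicKey({ key: item.ephemeralPublicDer, format: 'der', type: 'spki' });
  const wrapKey = wrapKeyFrom(vaultPrivateKey, ephemeralPublic, item.ephemeralPublicDer);
  return aesGcmOpen(aesGcmOpen(wrapKey, item.wrappedDek), item.ciphertext);
}
```

Because GCM authenticates both layers, a member holding only a superseded Vault Private Key gets an exception rather than garbage when reading an item encrypted to the current Vault Public Key.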
Key rotation
When a member is revoked from a vault, a new Vault Key Pair is generated and distributed to all valid vault members.
Previously shared keys of the revoked member are deleted from Tusky server and are no longer served.
The vault owner can also rotate the Vault Key Pair on demand.
User Private Key backup & recovery
To encrypt/decrypt data in Tusky, the user needs to provide their User Key Pair.
User Key Pair is generated on the client side upon first login, ensuring it is never visible to Tusky server in an unencrypted form. However, for convenience, users can back up their User Private Key with a password or backup phrase and store it encrypted on Tusky server for easier retrieval.
Using Password
On each login, the encrypted User Private Key is decrypted using the user-provided password.
Backing up User Private Key with the password
- the user authenticates
- the user provides the password for the first time
- User Key Pair is generated
- the random salt is generated
- the AES key is derived from password & salt by using PBKDF2
- User Private Key is encrypted with the AES key and stored encrypted on Tusky server along with the salt
Retrieving User Private Key with the password
- the user authenticates & retrieves encrypted User Private Key along with the salt from Tusky server
- the user provides the password
- the AES key is derived from password & salt by using PBKDF2
- User Private Key is decrypted with the AES key
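The password backup and retrieval steps above, as an added example using Node.js's built-in crypto module; it is not Tusky's code. The page names PBKDF2 with HMAC-SHA-256 and AES-GCM; the iteration count, salt and IV sizes, the record layout and the function names are assumptions.

```javascript
const { randomBytes, pbkdf2Sync, createCipheriv, createDecipheriv } = require('node:crypto');

// Assumed parameters: the page does not state the iteration count or the sizes.
const ITERATIONS = 600000;
const SALT_LEN = 16;
const IV_LEN = 12;

// Derive the 256-bit AES key (the Password Key) from password and salt.
function derivePasswordKey(password, salt) {
  return pbkdf2Sync(password, salt, ITERATIONS, 32, 'sha256');
}

// Backup: returns the record that would be stored on the server.
// Nothing in it lets the server recover the key without the password.
function backupPrivateKey(userPrivateKey, password) {
  const salt = randomBytes(SALT_LEN); // fresh random salt per backup
  const iv = randomBytes(IV_LEN);     // fresh nonce per encryption
  const cipher = createCipheriv('aes-256-gcm', derivePasswordKey(password, salt), iv);
  const ciphertext = Buffer.concat([cipher.update(userPrivateKey), cipher.final()]);
  return { salt, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Retrieval: re-derive the key from the stored salt and decrypt.
// Returns null when the password is wrong or the stored record was modified,
// because the GCM tag check fails in both cases.
function recoverPrivateKey(record, password) {
  const key = derivePasswordKey(password, record.salt);
  const decipher = createDecipheriv('aes-256-gcm', key, record.iv);
  decipher.setAuthTag(record.tag);
  try {
    return Buffer.concat([decipher.update(record.ciphertext), decipher.final()]);
  } catch {
    return null;
  }
}
```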
Using Backup Phrase
In addition to the password, users can back up their User Private Key using a backup phrase.
The 24-word backup phrase is generated following the BIP-39 standard, a method for generating a human-readable mnemonic sentence from a random number.
If the user forgets their password, the backup phrase allows them to regain access to their encrypted data.
Backing up User Private Key with the backup phrase
- the user authenticates
- the backup phrase is generated
- the seed is generated from the backup phrase
- the recovery key is derived from the seed
- User Private Key is encrypted with the recovery key and stored encrypted on Tusky server as backup
Retrieving User Private Key with the backup phrase
- the user authenticates & retrieves encrypted User Private Key backup from Tusky server
- the user provides the backup phrase
- the seed is generated from the backup phrase
- the recovery key is derived from the seed
- User Private Key is decrypted with the recovery key
End-to-end encryption means that the User Private Key remains encrypted on the server, and the Tusky team does not have access to it because it cannot derive either the password-derived key or the backup-derived key.
Future work
Quantum resistance
In order to protect the encryption scheme against potential threats posed by quantum computers, upgrade the system to use the CRYSTALS-Kyber key encapsulation mechanism.
Use Kyber in a hybrid mode, which means in combination with the current X25519 curve, so that an attacker needs to break both X25519 and Kyber to be able to retrieve the private data.
Glossary
Data Encryption Key (DEK)
A symmetric key used to encrypt and decrypt actual data, such as file blobs, file names, vault names, vault descriptions, etc.
Vault Key Pair
A pair of keys: Vault Private Key & Vault Public Key.
Used to encrypt/decrypt Data Encryption Keys (DEKs).
All DEKs within the vault are encrypted using the current Vault Public Key and each valid vault member has access to Vault Private Keys.
User Key Pair
A pair of keys: User Private Key & User Public Key.
Used to encrypt/decrypt user personal data & Vault Private Keys.
When the user creates or is invited to join a vault, Vault Private Keys are encrypted using a given User Public Key. Later, the user can decrypt Vault Private Keys with their personal User Private Key and access the vault's contents.
Password Key
A strong symmetric key derived from the user’s password, used to encrypt User Private Key before storage.