- Hash Key: for generating a chunk hash from the content of a chunk
- ID Key: for generating a chunk id from a chunk hash
- Chunk Key: for encrypting chunk files
- File Key: for encrypting non-chunk files such as snapshot files.
Here is a diagram showing how these keys are used:
Chunk hashes are used internally and stored in the snapshot file. They are never exposed unless the snapshot file is decrypted. Chunk ids are used as the file names for the chunks and therefore exposed. When the cat command is used to print out a snapshot file, the chunk hashes stored in the snapshot file will be converted into chunk ids first which are then displayed instead.
Chunk content is encrypted by AES-GCM, with an encryption key that is the HMAC-SHA256 of the chunk Hash with the Chunk Key as the secret key.
The snapshot is encrypted by AES-GCM too, using an encrypt key that is the HMAC-SHA256 of the file path with the File Key as the secret key.
These four random keys are saved in a file named ‘config’ in the storage, encrypted with a master key derived from the PBKDF2 function on the storage password chosen by the user.