Some of these are still being worked on and marked with [WIP].
- It keeps all
encrypteddata andmaster encryption keyin a dedicated directory with files structured oninodes(with metadata info), files for binary content, and directories with files/directories entries. All data, metadata, and filenames are encrypted. It generates unique inodes for new files in a multi-instance run and offline mode. - The password is collected from CLI and saved in the OS's
keyringwhile the app runs. This is because, for security concerns, we clear the password from memory on inactivity, and we derive it again from the password just when needed. - Master encryption key is also encrypted with another key derived from the password. This gives the ability to change
the
password without re-encrypting all data, we just
re-encryptthemaster key. - Files are
encryptedinchunksof256KB, so when making a change, we just re-encrypt that chunks. Fast seekon read and write, so if you're watching a movie, you can seek any position, and that would be instant. This is because we can seek a particular chunk.- The encryption key is
zeroizein the mem when disposing and idle. Also, it'smlocked while used to prevent being moved to swap. It's alsomprotected while not in use. [WIP]Ensure file integrity by saving each change to WAL, so for crashes or power loss, we apply the pending changes at the next start. This makes the write operations atomic.- Multiple writes in parallel to the same file, ideal for torrent-like applications.