Application Data Storage
GpgFrontend employs a robust and secure approach for storing application data, especially for sensitive or dynamic information such as key server settings, key generation profiles, and other internal objects.
Note: Prior to version 2.1.9, application data encryption was handled differently: The reference for each data object was generated by simply computing the SHA-256 hash of the master application key combined with the object name. All objects were encrypted directly with the master key, without per-object key derivation, HMAC, or authenticated encryption modes. Advanced techniques such as HKDF-based key derivation, per-object HMAC, and authenticated encryption (e.g., AES-GCM) were introduced in v2.1.9 for significantly improved security.
Data Object Structure
Section titled “Data Object Structure”- Unique Reference: Each piece of application data is associated with a unique reference, generated using an HMAC-SHA256 digest of the object name (or a random value for unnamed objects) and a legacy key. This ensures both uniqueness and integrity of the data mapping.
- Per-Object Encryption: Every data object is encrypted individually using a key derived from the current active application secure key and the object’s reference. Key derivation utilizes HKDF-SHA256 for high security and resistance to key reuse attacks.
- Key Identification: The first part of each stored object file contains an identifier for the key used to encrypt it, allowing for seamless key rotation and backward compatibility.
- Encryption Algorithms: Actual data encryption uses lightweight, authenticated cryptography (such as AES-GCM or an equivalent mode), ensuring both confidentiality and integrity of application objects.
File Layout and Access
Section titled “File Layout and Access”- Storage Location: All encrypted data objects are stored in the
data_objs/subdirectory within the application’s data directory. - File Naming: Encrypted objects are stored as files named after the hexadecimal encoding of their reference value. This obfuscates file content and prevents direct association with plaintext object names.
- Data Separation: Data created under different SecureLevels or key environments is logically separated, providing clear isolation between different security contexts.
- Secure Key Retrieval: On access, the application retrieves the correct encryption key for each data object using its embedded key identifier, and securely derives the per-object key to decrypt or update the content.
- Atomic Updates: Data updates are handled in a manner that prevents corruption or partial writes, ensuring data integrity even in the event of application or system interruptions.
Security Considerations
Section titled “Security Considerations”- Strong Isolation: Per-object encryption and unique key derivation mean that compromise of one data object does not impact the security of others.
- Key Rotation Support: When application keys are rotated, existing objects remain accessible through their associated key identifiers, supporting smooth transitions and automated data migration.
- User Transparency: All encryption, decryption, and data migration processes are handled transparently by GpgFrontend, requiring no manual intervention from users in regular workflows.