Data encryption (legacy)
Note: This was the data encryption approach in PfP 2.x. Starting with PfP 3.0, KeePass database format and its encryption approach is used.
This data encryption approach applies to all encrypted values in the storage.
The 256-bit encryption key is derived with the scrypt algorithm using the parameters N=32768, r=8, p=1. The password input is the user's master password encoded as UTF-8; the salt is the random salt stored under the salt key.
Data is encrypted with AES-GCM using a random 12-byte initialization vector (nonce). Galois/Counter Mode provides both confidentiality and integrity: decrypting without the key is infeasible, and any modification of the ciphertext or the IV is detected and makes decryption fail outright rather than return altered data. Because GCM's security depends on never reusing an IV under the same key, a fresh random IV is generated for every encryption.
When stored, encrypted data uses the following format: the initialization vector and the actual ciphertext are each base64-encoded, then concatenated using _ (underscore) as separator. Standard base64 output never contains an underscore, so the separator is unambiguous when splitting the stored value.