2023-06-08 13:50:20 +05:00
---
title: How is my data encrypted?
description: Every byte of your notes data is encrypted with the strongest encryption algorithms on client with XChaCha-Poly1305-IETF & Argon2.
---
2023-02-13 13:39:51 +05:00
# How is my data encrypted?
2023-02-03 15:44:02 +05:00
2023-02-03 15:30:37 +05:00
> warn Note
>
> This document is not a spec, only an explanation of the encryption process.
2023-02-01 17:17:18 +05:00
## Algorithms & cryptographic library
1. XChaCha-Poly1305-IETF (for encryption/decryption)
2. Argon2 (for password hashing & PKDF)
1. `argon2i` for PKDF
2. `argon2id` for password hashing
3. [**libsodium** ](https://libsodium.org )
On all three platforms we use the same exact library for all cryptographic functions. This ensures data integrity across platforms.
2023-02-04 10:56:29 +05:00
> info Fun story
>
> When we first added encryption, we used AES-GCM-256 across platforms but the cross-platform compatbility was abyssmal. That is when I found out about the great libsodium. Written in C, wrappers available for all platforms...what more could I want?
2023-02-01 17:17:18 +05:00
## Process
### 1. Sign up & sign in
When you sign up for an account, the app takes your password and hashes it using Argon2 with a `predictable per user salt` .
This predictable salt is generated using a `fixed client salt` + `your email` .
2023-02-03 15:30:37 +05:00
> info Your password never leaves your device
>
> Sending the hash over sending your plain text password ensures that there is no way for us (or anyone else) to get your password.
2023-02-01 17:17:18 +05:00
After the hash is generated, it is sent to the server. This hash is used as a `password` and is hashed again to mitigate password passthrough attacks.
This process is repeated every time you sign in.
### 2. Key generation
After you are signed in, the app requests your user data which includes, among other things, your salt.
2023-02-03 15:30:37 +05:00
> info Salt generation
>
> When you create an account, the server generates a cryptographically secure random salt for you. This salt is used for key generation.
2023-02-01 17:17:18 +05:00
You password & salt is then used to derive a strong irreversible key using Argon2 as the password key derivation function (PKDF).
### 3. Encryption key storage
# [Desktop/Web](#/tab/web)
Instead of storing the key as plain text (and allowing anyone to copy/move it), we use browser's `IndexedDB` to store the key as a `CryptoKey` .
`CryptoKey` is stored securely by the browser and cannot be exported, viewed, copied except by the app & browser.
# [Mobile](#/tab/mobile)
On iOS and Android, the encryption key is stored in the phone's keychain.
---
### 4. Data encryption
Encryption only takes place when you sync. Each item in the database is encrypted seperately using XChaCha-Poly1305-IETF.
#### How it works
1. The item is read from the database as JSON object and stringified (i.e. converted to a string).
2. The string is encrypted using the encryption key generated earlier.
3. The result is a JSON object which contains:
1. A base64 encoded `cipher`
2. A 192-bit nonce (`iv` )
3. A random `salt`
4. Algorithm id `alg`
5. ItemId `id`
2023-02-03 15:30:37 +05:00
> info
>
2023-02-13 13:39:51 +05:00
> See the whole process in action [here.](https://vericrypt.notesnook.com/)
2023-02-01 17:17:18 +05:00
This object is then sent to the server for storage. The server performs no further operation on this data (because it can't).
