Your data with Enpass is 100% encrypted (leaving behind no visible information) by the 256-bit AES encryption with 24,000 rounds of PBKDF2 using the peer-reviewed and open-source encryption engine SQLCipher, providing you with advanced protection against brute force and side channel attacks. You can open data file inside a binary editor and check it yourself. All you will see is nonsense and gibberish data (encrypted with AES 256).
Your Master Password is the only key to your secure vault and is recorded only in your mind. This makes your Master Password impossible to steal. The key that is used in AES for encrypting your data is derived from your Master Password. Neither your master password nor any of its derivative is recorded by Enpass anywhere in the universe (not with us and not on any cloud). If you forget your master password, there is no way to recover your data.
SQLCipher and Enpass¶
SQLCipher is an open source extension to SQLite that provides transparent 256-bit AES encryption of database files. One can find complete design details of SQLCipher here
Here are some details how SQLCipher is configured in Enpass:
- 100% of data in the database file is encrypted.
- The encryption algorithm is 256-bit AES in CBC mode.
- When initialized with your master password, SQLCipher derives the key data using 24000 iterations of PBKDF2. Each database is initialized with a unique random salt in the first 16 bytes of the file. This salt is used for key derivation and ensures that even if two databases are created using the same password, they will not have the same encryption key.
- Each database page is encrypted and decrypted individually. The page size is 1024 bytes.
- Each page has it’s own random initialization vector. The IV is generated by a cryptographically secure random number generator (e.g. OpenSSL’s RAND_bytes, CommonCrypto’s SecRandom, LibTomCrypt Fortuna), and is stored at the end of the page. IVs are regenerated on write to avoid reuse of the same IV on subsequent writes of the same page data.
- Every page write operation includes a Message Authentication Code (HMAC_SHA1) of the ciphertext and the initialization vector at the end of the page. The MAC is checked when the page is read back from disk. If the ciphertext or IV has been tampered or corrupted, the HMAC check will cause SQLCipher to report a problem with the database.
- The key used to calculate page’s HMAC is different than the encryption key. It is derived from the encryption key using PBKDF2 with 2 iterations and a variation of the random database salt.
- SQLCipher does not implement its own encryption. Instead, it uses the widely available encryption libraries like OpenSSL libcrypto, LibTomCrypt(for Windows 10 only) for all cryptographic functions.