
Technical Documentation

Data file format


The data.crypt file is a binary file with the following structure:

Size              Encrypted   Content
512 bits          No          Random salt value (salt is generated during changing of password or during initial setup)
32 bits           Yes         String "TRUE" (used to detect successful unlock)
16 bits           Yes         Format version: constant 1
16 bits           Yes         Reserved: constant 0
32 bits           Yes         CRC-32 checksum of data
32 bits           Yes         Size of data
Variable length   Yes         Data. Gzipped XML content with category definitions and entries.

The whole file consists of either random data (the salt) or encrypted data (everything after the salt). There is no plain text content, and because encrypted data cannot be distinguished from random data, the whole file appears to contain random data.

All categories and data entries, including the favorite category info, are stored in the last part of the data.crypt file and are encrypted. Therefore any information about the entry data, number of categories, category names, favorite category or number of entries is encrypted too and therefore hidden.


Supported algorithms


Algorithm                          Key sizes (bits)
AES                                128, 192, 256
Blowfish (Android 2.3 or later)    128, 192, 256


Supported cipher mode of operation


Mode
 CBC - Cipher Block Chaining
 CFB - Cipher Feedback
 OFB - Output Feedback
 ECB - Electronic Code Book

For more info see wiki page Block cipher mode of operation.


Unlocking data file with master password and salt


The data.crypt file is read into RAM and its first 512 bits are used as the 'salt' value. The salt and the master password are passed to the SHA-256 hash function as initial values. The result is iterated 1000 times using SHA-256 to provide the final key to unlock the data.crypt file. This hashed value, not the user-provided master password, is saved temporarily in RAM as the cipher key.

Now all the combinations of cipher algorithm, key length and cipher mode of operation (currently up to 32 combinations) are tried with this hashed password. When a key shorter than 256 bits is needed, the key is trimmed to the appropriate length.

If the 'TRUE' string from the data.crypt file (byte positions 64-67) is successfully decoded and the CRC-32 checksum and data length are verified, the unlock is considered successful. After that the rest of the file is processed. Finally the XML data is uncompressed with GZIP and loaded into RAM.
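
The key derivation and the post-decryption checks described above, as an added Python example (not the application's own code; all function and constant names are hypothetical). Assumed and not stated on this page: salt-then-password input with UTF-8 encoding, 1000 rounds after the initial hash, big-endian header fields, and CRC-32 and size computed over the gzipped bytes. The cipher step is omitted, so check_plaintext takes one already-decrypted candidate.

```python
import gzip, hashlib, struct, zlib

SALT_LEN = 64                      # 512-bit salt, stored unencrypted
HEADER = struct.Struct(">4sHHII")  # "TRUE", version, reserved, CRC-32, size
                                   # (big-endian byte order is an assumption)

def derive_key(password, salt, key_bits=256):
    """SHA-256 over salt and password, iterated 1000 times, then trimmed.
    Assumed: salt||UTF-8 password order, 1000 rounds after the first hash."""
    if len(salt) != SALT_LEN:
        raise ValueError("salt must be 512 bits")
    digest = hashlib.sha256(salt + password.encode("utf-8")).digest()
    for _ in range(1000):
        digest = hashlib.sha256(digest).digest()
    return digest[:key_bits // 8]  # 128- and 192-bit keys are prefixes

def check_plaintext(plain):
    """Validate one candidate decryption of the bytes after the salt.
    Returns the XML bytes, or raises ValueError if any check fails."""
    if len(plain) < HEADER.size:
        raise ValueError("shorter than the fixed header")
    marker, version, reserved, crc, size = HEADER.unpack_from(plain)
    if marker != b"TRUE":
        raise ValueError("marker mismatch: wrong key, cipher or mode")
    if version != 1 or reserved != 0:
        raise ValueError("unexpected version or reserved field")
    data = plain[HEADER.size:HEADER.size + size]  # drops any cipher padding
    if len(data) != size:
        raise ValueError("size field exceeds available data")
    if zlib.crc32(data) != crc:
        raise ValueError("CRC-32 mismatch")
    return gzip.decompress(data)

def build_plaintext(xml):
    """Constructed sample: the plaintext layout as it is before encryption."""
    data = gzip.compress(xml)
    return HEADER.pack(b"TRUE", 1, 0, zlib.crc32(data), len(data)) + data

SAMPLE_XML = b"<categories><category name='demo'/></categories>"  # constructed
SAMPLE_PLAIN = build_plaintext(SAMPLE_XML) + b"\x04" * 4  # trailing padding
```

The 16-byte header after the 64-byte salt puts the marker at byte positions 64-67 of the file, matching the offset given above.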