相片加密软件:ente

# Architecture Your data is end-to-end encrypted with Ente. Meaning, they are encrypted with your `keys` before they leave your device. <img src="assets/e2ee.svg" class="architecture-svg" style="max-width: 600px" title="End-to-end encryption in Ente" /> Our source code has been [audited](https://ente.io/blog/cryptography-audit/) to verify that these `keys` are available only to you. Meaning, only you can access your data. What follows is an explanation of how we do what we do. ## Key Encryption ### Fundamentals #### Master Key When you sign up for Ente, your client generates a `masterKey` for you. This never leaves your device unencrypted. #### Key Encryption Key Once you choose a password, a `keyEncryptionKey` is derived from it. This never leaves your device. ### Flows #### Primary Device During registration, your `masterKey` is encrypted with your `keyEncryptionKey`, and the resultant `encryptedMasterKey` is then sent to our servers for storage. <img src="assets/key-derivation.svg" class="architecture-svg" title="Key derivation" /> #### Secondary Device When you sign in on a secondary device, after you successfully verify your email, our servers give you back your `encryptedMasterKey` that was sent to us by your primary device. You are then prompted to enter your password. Once entered, your `keyEncryptionKey` is derived, and the client decrypts your `encryptedMasterKey` with this, to yield your original `masterKey`. If the decryption fails, the client will know that the derived `keyEncryptionKey` was wrong, indicating an incorrect password, and this information will be surfaced to you. ### Privacy - Since only you know your password, only you can derive your `keyEncryptionKey`. - Since only you can derive your `keyEncryptionKey`, only you have access to your `masterKey`. > Keep reading to learn about how this `masterKey` is used to encrypt your data. --- ## Data Encryption ### Fundamentals #### Collection Key Each of your items in Ente belong to what we call a `collection`. A `collection` can be either a folder (like "Camera" or "Screenshots") or an album (like "Awkward Reunion"). In case of Auth, we create a default root collection. Each `collection` has a `collectionKey`. These never leave your device unencrypted. #### File Key Every piece of your data has a `fileKey`. These never leave your device unencrypted. ### Flows #### Upload - Each file and associated metadata is encrypted with randomly generated `fileKey`s. - Each `fileKey` is encrypted with the `collectionKey` of the `collection` (folder/album) the `file` belongs to. In case such a `collection` does not exist, one is created with a randomly generated `collectionKey`. All `collection` metadata (like name, folder-path, etc) are encrypted with this `collectionKey`. - Each `collectionKey` is then encrypted with your `masterKey`. - All of the above mentioned encrypted data is then pushed to the server for storage. <img src="assets/file-encryption.svg" class="architecture-svg" title="File encryption" /> #### Download - All of the above mentioned encrypted data is pulled from the server. - You first decrypt each file's `collectionKey` with your `masterKey`. - You then decrypt each file's `fileKey` with their respective `collectionKey`s. - Finally, you decrypt each file and associated metadata with the respective `fileKey`s. ### Privacy - As explained in the previous section, only you have access to your `masterKey`. - Since only you have access to your `masterKey`, only you can decrypt the `collectionKey`s. - Since only you have access to the `collectionKey`s, only you can decrypt the `fileKey`s. - Since only you have access to the `fileKey`s, only you can decrypt the files and their associated metadata. --- ## Sharing ### Fundamentals #### Public Key When you sign up for Ente, your app generates a `publicKey` for you. This is public, and is stored at our servers in plain text. #### Verification ID Verification ID is a human readable representation of a `publicKey`, that is accessible within the clients for verifying the identity of a receiver. #### Private Key Along with the `publicKey`, your app also generates a corresponding `privateKey` for you. This never leaves your device unencrypted. The `privateKey` is encrypted with your `masterKey` that only you have access to. This `encryptedPrivateKey` is stored at our servers ### Flow Sharing is similar to the previous section, except that the `collectionKey` of a `collection` is shared with a receiver after encrypting it with the receiver's `publicKey`. To elaborate, #### Sender - Each file and associated metadata was already encrypted with randomly generated `fileKey`s. - Each of these `fileKey`s were also encrypted with the `collectionKey` of the `collection` (folder/album) that is now being shared. - The `collectionKey` is now encrypted with the `publicKey` of the receiver. - All of the above mentioned encrypted data is then pushed to the server for storage. #### Receiver - All of the above mentioned encrypted data is pulled from the server. - The receiver first decrypts the `collectionKey` with their `privateKey`. - They then decrypt each file's `fileKey` with their respective `collectionKey`s. - Finally, they decrypt each file and associated metadata with the respective `fileKey`s. <img src="assets/sharing.svg" class="architecture-svg" title="Sharing" /> ### Privacy - Since only the receiver has access to their `masterKey`, only they can decrypt their `encryptedPrivateKey` to access their `privateKey`. - Since only the receiver has access to their `privateKey`, only they can decrypt the `collectionKey` that was sent to them. - Since only the receiver has access to the `collectionKey`, only they can decrypt the `fileKey`s of files belonging to that album/folder. - Since only the receiver has access to the `fileKey`s of files belonging to that album/folder, only they can decrypt the files and associated metadata. > A sender can view the Verification ID of the receiver within the app's sharing > screen, and compare this with the Verification ID displayed on the receiver's > device. The two identifiers matching across devices verifies the security of > end-to-end encryption between the two parties. ------------------------------------------------------------------------ ## Key Recovery ### Fundamentals #### Recovery Key When you sign up for Ente, your app generates a `recoveryKey` for you. This never leaves your device unencrypted. ### Flow #### Storage Your `recoveryKey` and `masterKey` are encrypted with each other and stored on the server. #### Access This encrypted `recoveryKey` is downloaded when you sign in on a new device. This is decrypted with your `masterKey` and surfaced to you whenever you request for it. #### Recovery Post email verification, if you're unable to unlock your account because you have forgotten your password, the client will prompt you to enter your `recoveryKey`. The client then pulls the `masterKey` that was earlier encrypted and pushed to the server (as discussed in [Key Encryption](#key-encryption), and decrypts it with the entered `recoveryKey`. If the decryption succeeds, the client will know that you have entered the correct `recoveryKey`. <img src="assets/recovery.svg" class="architecture-svg" title="Recovery" /> Now that you have your `masterKey`, the client will prompt you to set a new password, using which it will derive a new `keyEncryptionKey`. This is then used to encrypt your `masterKey` and this new `encryptedMasterKey` is uploaded to our servers, similar to what was earlier discussed in [Key Encryption](#key-encryption). ### Privacy - Since only you have access to your `masterKey`, only you can access your `recoveryKey`. - Since only you can access your `recoveryKey`, only you can reset your password. --- ## Authentication ### Fundamentals #### One Time Token When you