Filebolt Encryption Explained

Filebolt uses strong standard encryption methods to protect your data. Files are encrypted using standard AES algorithm. Password hashes are generated using SHA2 algorithm.

When Filebolt instance is created and user sets password, master encryption key is generated from the user password using strong key derivation algorithm (PBKDF2 with SHA2 hashing algorithm and 100000 iterations) and Filebolt instance specific salt. SHA2 hash of the master key is generated and stored to Filebolt instance for checking the correct password.

When new files is bolted to file bolt, new random 128-bit file key is generated. File is encrypted with AES algorithm using Galois Counter Mode (GCM). This securely encrypts the file and ensures that encrypted files cannot be modified unnoticed. The file key is encrypted with master key and stored to the bolted file. At the same time random file sharing key is generated, encrypted with master key and stored also to bolted file. File sharing key and all the folder sharing keys above the file within Filebolt, are then used to store encrypted copies of the file key to bolted file. This process also employs PBKDF2 with SHA2 hashing to first obtain encryption key. Then this encryption key us used to encrypt file key with AES-128 before storing it to bolted file.