Argon2id
Derives passphrase keys (32-byte output) for vault and recovery flows.
Technical Guide
How Aegiro stores and protects your data.
This page summarizes Aegiro's cryptographic primitives, threat model, filesystem support matrix, and deep technical references.
Cryptographic Primitives
Key cryptographic components used by Aegiro.
AES-256-GCM
Wraps key material and protects encrypted metadata blocks with integrity.
Kyber512
Provides post-quantum KEM for APFS/USB recovery wrapping and vault DEK access path.
Dilithium2
Signs manifest hashes for authenticity checks in verify/doctor paths.
Threat Model
Threats covered in the current APFS/USB recovery schemes.
| Threat | Mitigation |
|---|---|
| Recovery bundle stolen without passphrase | Still locked: recovery keys are Argon2id-derived and never stored. |
| Wrong disk/image paired with a bundle | Identifier assertions plus AAD binding reject cross-target bundle reuse. |
| Bundle tampering | AES-GCM authentication tags detect modified wrapped secrets. |
| Nonce reuse concerns in wraps | Each wrap call generates an independent random 12-byte nonce. |
| Harvest-now/decrypt-later pressure | Kyber512 KEM protects recovery wrapping in current builds. |
Filesystem Support Matrix
Filesystem and workflow support.
| Volume type | apfs-volume-encrypt / apfs-volume-decrypt | usb-container-* | usb-vault-pack |
|---|---|---|---|
| APFS (writable) | ✓ | ✓ | ✓ |
| Non-APFS (exFAT/FAT/NTFS writable) | ✕ | ✓ | ✓ |
| Read-only / locked media | ✕ | ✕ | ✕ |
Legend:supportednot supported
Deep References
Full technical docs and schematics.
Encryption Scheme Paper
Full implementation-level crypto paths, format behavior, and caveats.
USB Encryption Schematics
Step-by-step APFS encryption/unlock schematics and bundle field definitions.
USB Encryption Diagrams
Architecture diagrams and before/after trees for each USB workflow mode.
Documentation Index
Entry point for guides, legal, repository structure, and explanation docs.