Encryption algorithm

Enclave uses AES-256-GCM (Advanced Encryption Standard, 256-bit key, Galois/Counter Mode).
  • AES-256 — the symmetric cipher. 256-bit keys are currently unbreakable by brute force.
  • GCM — the mode of operation. Provides both confidentiality (encryption) and integrity (authentication tag). Any tampering with the ciphertext is detected on decryption.

Encryption happens on your device

The encryption step runs in the client (browser or desktop app) before any data is transmitted. The Enclave server receives only ciphertext.
Your device                          Enclave server
──────────────────────────────────   ─────────────────
plaintext file
    │
    ▼
AES-256-GCM encrypt ──── ciphertext ──────────────────► stored
    │                                                    (server cannot read)
    ▼
wrap DEK with KEK ──── wrapped DEK ───────────────────► stored

Key hierarchy

Master Key (in your KMS / HSM)

    └── wraps ──► KEK (Key Encryption Key, per room)

                      └── wraps ──► DEK (Data Encryption Key, per file)

                                        └── encrypts ──► File ciphertext

Key               Where it lives                                Who can access
Master Key        Your KMS / HSM                                You only
KEK               Enclave (encrypted, wrapped by master key)    Derived on demand by authorised clients
DEK               Enclave (encrypted, wrapped by KEK)           Derived by authorised room members
File ciphertext   Enclave storage                               Meaningless without DEK

Initialisation vector (IV)

Each file encryption operation uses a randomly generated 96-bit IV. The IV is stored alongside the ciphertext and is not secret — its purpose is to ensure that encrypting the same file twice produces different ciphertext.

Authentication tag

GCM produces a 128-bit authentication tag over the ciphertext and associated data (AAD). The tag is verified before decryption proceeds. If the ciphertext or AAD has been modified, decryption fails with an authentication error — the file is not presented to the user.

Key rotation

DEKs can be rotated without re-uploading files. A rotation event:
  1. Decrypts the existing DEK using the current KEK
  2. Re-wraps the DEK with a new KEK derived from the rotated master key
  3. Writes the new wrapped DEK to the database

File ciphertext is unchanged. The rotation is logged in the audit trail.

Enclave does not perform automatic key rotation. Rotation is initiated by your key management administrator and propagated to Enclave via the KMS API.