---
title: Cryptography
description: An overview of the cryptography used in Veilid
weight: 23
layout: subpage
---

Strong, appropriate cryptography choices are essential to the functioning of Veilid. Veilid gives applications guarantees about how data is handled on the wire and at rest. The cryptosystems were chosen to work well together and to balance speed and cryptographic hardness.

### Current Cryptography Systems

### Upgrading Cryptography Systems

Nothing lasts forever and cryptography is no exception. As computing power improves and cryptographic attacks evolve, weaknesses in cryptosystems are inevitable. Veilid has ensured that upgrading to newer cryptosystems is streamlined and minimally invasive to app developers, and is handled transparently at the node level.

### Secure Storage

- Device-level secret storage APIs are available for all platforms
- Encrypted table store APIs are exposed to applications to make safe data storage easy
- Device data keys can also be password protected
- Apps never need to write anything to disk unencrypted

ProtectedStore

Device-level Secret Storage

  • macOS / iOS Keychain
  • Android Keystore
  • Windows Protected Storage
  • Linux Secret Service

New Rust Crate: keyring-manager

TableStore

Encrypted Key-Value Database

  • SQLite on Native
  • IndexedDB in Browser
  • Device Key can be protected from backup dumping attacks

New Rust Crate: keyvaluedb

RecordStore

Distributed Hash Table Storage

  • Encrypted + Authenticated
  • Subkey support
  • LRU distributed cache
  • Per-key multi-writer schemas

BlockStore

Content-addressable Data Distribution

  • Take What You Give model
  • Connect and share cloud storage
  • BitTorrent-like sharding

This feature is "coming soon."

### On The Wire

Everything is end-to-end encrypted

Data is encrypted at rest and on the wire

Your data is protected even if you lose your device