Whether you don't trust government agencies or simply want maximum security, reliability and integrity, Degoo's top secret storage is the choice for you.
What is the top secret storage?
The feature is currently available on Android for beta users (upload and download) and partly supported in Windows (download) for all paying users. You can start a free trial directly at degoo.com. We are currently working on full support across all of Degoo's remaining platforms (iOS, Windows and Mac OS).
The top secret feature in Degoo is a method of making sure it's technically impossible for anyone but you to access your uploaded files. The top secret feature consists of two parts: zero knowledge encryption of your files and multi-location storage replication. You choose a passphrase known only by you, not stored anywhere in Degoo, that's used to encrypt and sign your uploaded files to ensure maximum security. Your files are encoded into individually signed chunks with redundancy and uploaded to multiple storage providers for maximum security and reliability.
Important! You need to make sure to store your passphrase somewhere safe. Since the passphrase isn't stored anywhere in Degoo you can't reset it if you forget it.
Part 1: Zero knowledge encryption
Also known as zero knowledge proof or private key encryption. Your files are encrypted with randomly generated AES-256 encryption keys. Each generated key is stored along with your encrypted files and is encrypted with a passphrase known only by you.
Key derivation function
Your passphrase derives a key using the PKCS 5 V2.0 Scheme 2. The derived key is used to encrypt both the AES-256 encryption keys for your files and the AES-256 encryption key used to encrypt the metadata stored about your files.
Each block of data that's uploaded (typically around 8 MB) is encrypted with a randomly generated AES-256 encryption key.
A per-user constant AES-256 encryption key is also generated that encrypts the metadata about each file.
All symmetric encryption is done using AES/CBC/PKCS5Padding.
RSA-4096 key pair
The randomly generated AES-256 encryption keys are encrypted with a public RSA-4096 key. The corresponding RSA-4096 private key is needed to decrypt the AES key upon file download.
Each uploaded file produces an HMAC signature that's verified upon downloading to ensure the integrity of your file.
Storing encryption and signing keys
All your encryption and signing keys are only uploaded to Degoo's server once they are encrypted using your secret passphrase, except for the public RSA-4096 key. Your public RSA-4096 key can only be used to encrypt, not decrypt. By storing it without any additional encryption your files can be uploaded securely in the background, without you needing to enter your passphrase every time the app starts.
Your keys are uploaded to ensure you can recover and download your files whichever device you install Degoo on without having to move your keys manually to the new device. The keys can only be decrypted with your private passphrase and are only decrypted in memory on each device when you download your files.
Part 2: Multi-location storage replication
To further improve security and also reliability your files are stored across multiple data centers and storage providers.
Blocks of data
For improved performance and to reduce bottlenecks your files are encoded into blocks of data, usually around 8 MB each.
One block of data is coded with Reed-Solomon error-correcting codes. This encoding produces 4 chunks of data, or shards. The original data is scrambled in these shards to further improve security. The encoding is made with a 4/3 redundancy, meaning that any 3 shards are needed to reconstruct the original block of data.
In addition to signing each block of data, each shard also produces an HMAC signature that's verified upon downloading to also ensure the integrity of each shard.
Even if a storage provider would somehow manage to break the military grade encryption mentioned above and try to access your files it would not be possible because no single storage provider holds enough data to reconstruct a file.
In addition to the increased security the storage replication together with the redundancy also improves the reliability of your files if a data center should experience downtime.
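The shard scheme described above, as an added example that is not Degoo's code: it uses a single XOR parity shard, the simplest code with the same any-3-of-4 property, in place of Reed-Solomon, and assumes HMAC-SHA256 with a constructed key. A shard that fails its HMAC check is treated as missing and rebuilt from the other three.

```python
import hashlib
import hmac
import secrets

K, N = 3, 4  # any 3 of the 4 shards rebuild the block, as on the page


def xor(*parts: bytes) -> bytes:
    out = bytearray(len(parts[0]))
    for p in parts:
        for i, b in enumerate(p):
            out[i] ^= b
    return bytes(out)


def tag(key: bytes, index: int, shard: bytes) -> bytes:
    # Bind the shard index into the MAC so shards cannot be swapped around.
    return hmac.new(key, bytes([index]) + shard, hashlib.sha256).digest()


def encode(block: bytes, key: bytes):
    """Split a block into 3 data shards + 1 parity shard, each with an HMAC."""
    size = -(-(len(block) + 4) // K)              # ceil, with 4-byte length prefix
    padded = (len(block).to_bytes(4, "big") + block).ljust(size * K, b"\0")
    shards = [padded[i * size:(i + 1) * size] for i in range(K)]
    shards.append(xor(*shards))                   # parity shard (index 3)
    return [(i, s, tag(key, i, s)) for i, s in enumerate(shards)]


def decode(received, key: bytes) -> bytes:
    """Verify each shard's HMAC, drop failures, rebuild from any 3 good shards."""
    good = {i: s for i, s, t in received
            if hmac.compare_digest(t, tag(key, i, s))}
    if len(good) < K:
        raise ValueError("fewer than 3 authentic shards; block unrecoverable")
    missing = [i for i in range(K) if i not in good]
    if missing:                                   # one data shard lost: XOR the rest
        good[missing[0]] = xor(*good.values())
    padded = b"".join(good[i] for i in range(K))
    length = int.from_bytes(padded[:4], "big")
    return padded[4:4 + length]


if __name__ == "__main__":
    key = secrets.token_bytes(32)                 # constructed demo key
    shards = encode(b"constructed sample block", key)
    print(decode(shards[1:], key))                # shard 0 lost, still decodes
```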
Typical use cases
You don't want the hassle and security issues of storing your Bitcoin wallet yourself but don't trust any of the Bitcoin wallet providers.
You want a secure and reliable way to store your most sensitive documents.
Human rights activist
You have sensitive documents that you want to make sure no government agency will be able to access.
We all have things we want to keep to ourselves, and no matter how trustworthy a cloud storage provider might be, you just don't feel comfortable unless you know that it is technically impossible for anyone but you to access your files.
Start using top secret uploads with Degoo right now. Start your free trial directly at degoo.com.
You can find the Degoo Android app at play.google.com