Skip to content

[EVFS] Key management: master key rotation and vault export/import #78

Description

@Adel-Ayoub

Summary

Add master key rotation (re-encrypt all vault data under a new key) and vault export/import (portable encrypted archive for device migration). Both operations are atomic and crash-safe.

Motivation

  • Key rotation: Compromised or expired keys require re-encryption without data loss. Compliance (NIST SP 800-57) recommends periodic rotation.
  • Export/import: Device migration needs secure vault transfer. The export format wraps data with a transport key, decoupling from the original master key.

Architecture

Key Rotation (copy-to-new-vault + atomic rename)

vault_rotate_key(handle, new_key):
  create temp vault at {path}.rotating
  derive new sub-keys from new_key
  for each segment:
    decrypt with old keys → re-encrypt with new keys → write to temp
  flush temp index (primary + shadow), fsync
  atomic rename: {path}.rotating → {path}
  zeroize old sub-keys
  return new VaultHandle

Recovery: if .rotating exists on open, delete it (original vault intact).

Export/Import (.mvex archive format)

vault_export(handle, wrapping_key, export_path):
  generate ephemeral export_key, wrap with wrapping_key
  for each segment: decrypt → re-encrypt under export_key → write to archive
  BLAKE3 trailer for integrity

vault_import(archive, wrapping_key, dest_path, new_key):
  unwrap export_key → create new vault → write all segments under new_key

Sub-Issues

Dependency Graph

#110 (rotation) ──→ #111 (export) ──→ #112 (import) ──→ #113 (Dart wrappers)
                         │                                       │
                         └── shares decrypt_segment_raw()        └── completes Key management

Acceptance Criteria

  • After rotation, old key cannot decrypt any data
  • Rotation is atomic: crash mid-rotation → recoverable with old key
  • Export produces a self-contained authenticated .mvex archive
  • Import creates a new vault re-encrypted under local key
  • Tampered/truncated archives detected and rejected
  • Dart VaultService.rotateKey(), .export(), .importVault() with tests

Security Considerations

  • Old sub-keys zeroized immediately after rotation (ZeroizeOnDrop)
  • Export wrapping uses AAD b"msec-export-key-wrap" for domain separation
  • Archive format authenticated: per-segment AAD (name) + BLAKE3 trailer
  • Nonce safety: new vault keys = independent HKDF nonce space; export uses random nonces

Metadata

Metadata

Assignees

No one assigned

    Labels

    A-cryptoArea: core crypto opsA-evfsArea: vault file systemC-trackingTracking/epic issuesdartthis taks are related to Dart partrustthis kind of tasks is related to Rust partsecuritySecurity-sensitive changes

    Type

    No type
    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions