🔒 Monica Android Local Storage & Encryption Technical Document

Zero-Knowledge Architecture

Monica Android implements a multi-layered, full-disk and field-level cascading encryption architecture to ensure the absolute security of users' sensitive assets (such as passwords, credit card numbers, 2FA keys, secure notes, etc.) during local persistence and WebDAV backup procedures. The system core adheres strictly to a Zero-Knowledge Architecture framework: even if a device is lost or database files are extracted, an adversary cannot reverse-engineer any plaintext data without the user's Master Password.

1. Local Data Storage

Monica rejects plaintext SQLite storage or unreliable key-value configurations, fully embracing Google's recommended Modern Android Development (MAD) architectural practices for structured data management:

Core Persistence Layer: Implemented via the Room Persistence Library (an advanced abstraction layer over SQLite) to maintain highly cohesive Data Access Objects (DAOs).
Physical File Infrastructure: Data is written directly to the sandbox-contained password_database.db file and its associated WAL (Write-Ahead Logging) files.
Physical Isolation Boundary Isolating: Data is strictly confined to the application's private secure directory (/data/data/takagi.ru.monica/databases/). On un-rooted devices, external malicious processes have zero permissions and no means to bypass this sandbox boundary.

2. Core Cryptographic Architecture

2.1 Algorithm Selection: AES-256-GCM

Monica's core cryptographic engine utilizes the AES-256-GCM (Advanced Encryption Standard with Galois/Counter Mode) industry-grade symmetric encryption algorithm.

Why Choose GCM Mode?

Traditional modes like CBC only provide confidentiality and are vulnerable to tampering vulnerabilities such as bit-flipping attacks. Conversely, GCM is an AEAD (Authenticated Encryption with Associated Data) mode that delivers:

Authenticated Encryption: Simultaneously generates a 16-byte authentication tag while encrypting the payload.
Integrity Verification: Runtimes automatically verify the tag upon decryption. Any minute tampering with the ciphertext or IV will instantly trip a runtime circuit-breaker, failing decryption and neutralizing tampering or Man-in-the-Middle (MitM) injections.

2.2 Sensitive Data Pipeline (SecurityManager)

For highly sensitive fields within the Room database's PasswordEntry table (e.g., password fields, security answers), Monica fires the following lifecycle routines in real time during I/O operations:


[Plaintext Data] ➔ Appended with 12B Random IV ➔ [AES-256-GCM Engine] ➔ Assembled as (IV + CipherText) ➔ Base64 Encoding ➔ Written to DB

Pre-Persistence Encryption: The engine intercepts the raw string via the SecurityManager and dynamically injects a 12-byte high-entropy random IV (Initialization Vector).
Compound Storage Structure: The payload is safely written to SQLite cells as a composite string formatted as Base64(IV + CipherText).
Decryption on Retrieval: Upon fetching data from Room, the engine automatically runs Base64 decoding ➔ splits the 12-byte prefix IV from the trailing ciphertext ➔ interfaces with hardware keys to restore the plaintext.

3. Master Password Derivation & Hardware Key Custody

3.1 High-Strength Key Derivation (PBKDF2)

To neutralize rainbow table matching and offline brute-force attempts, the user's Master Password is never persisted locally, nor is its hash ever stored. Instead, it serves solely as the root seed for dynamic key derivation:

Core Primitive: Utilizes the PBKDF2WithHmacSHA256 (Password-Based Key Derivation Function 2) cryptographic standard.
Iteration Metrics Anti-Brute Force: Configured with a high parameter of 100,000 cryptographic hashing iterations, exponentially driving up processing and time costs for offline attacks.
Dynamic Salt Protection: A unique 16-byte cryptographic salt is randomly provisioned during device initialization. This ensures that even if two users share identical Master Passwords, their underlying root keys remain fully independent.

3.2 Hardware-Level Secure Zones (Android KeyStore)

Derived working keys and sensitive runtime configurations are actively anchored by Jetpack Security infrastructure (EncryptedSharedPreferences and MasterKey):

IMPORTANT

Hardware Isolation via TEE / SE The generation of the underlying Master Key and its operational cryptographic routines occur entirely in isolated hardware boundaries—either a TEE (Trusted Execution Environment) or an SE (Secure Element) chips. Consequently, even if the Android OS runtime layer is compromised or maliciously rooted, encryption keys cannot be extracted from the physical hardware substrate.

TIP

Biometric Authorization (BiometricPrompt) Runtimes interface smoothly with hardware fingerprint modules or 3D structured-light facial recognition. Upon a successful biometric verification event, the hardware secure zone temporarily releases working keys, bypassing the need to repeatedly expose the Master Password string and balancing convenience with strict safety.

4. Remote Backup Encryption Standard (WebDAV)

When an automated or manual cloud-bound WebDAV asynchronous backup worker is triggered, Monica's AutoBackupWorker spins up an isolated cryptographic pipeline:

Encryption Packaging Pipeline

text

[Sandbox Core JSON Bundles] 
       ⬇
[Packed into Standard Binary ZIP Stream] 
       ⬇
[Fetch User Backup Password] ➔ [PBKDF2 100k Iterations Key Derivation]
       ⬇
[Hardened AES-256-GCM Encryption Injection] 
       ⬇
[Prepend Magic Header MONICA_ENC_V1] ➔ Generates Independent .enc.zip ➔ WebDAV Upload

Anti-Replay & De-correlation: Every single backup instance independently generates high-entropy salts and unique IVs. Even if backup payloads are sequentially identical, the binary structures of the resulting .enc.zip archives in the cloud vary completely, blocking cloud service providers from profiling user data through file footprint sizes.

5. Cryptographic Security Matrix Summary

Security Layer	Technical Implementations	Targeted Threat Vectors
Local Data Persistence	`AES-256-GCM (256-bit)`	Database extraction attacks, physical bit-flipping tampering, side-channel injections
Master Password Protection	`PBKDF2 + HMAC-SHA256` (100,000 iterations)	Offline brute-force attacks, rainbow table matching, dictionary spraying
Runtime Key Protection	`Android KeyStore (TEE/SE Boundaries)`	Memory dumping, rooted privilege file boundary escapes, physical chip-stripping extraction
Cloud Data Pipeline	`MONICA_ENC_V1` Hard Binary Stream Encryption	Infrastructure compromises on endpoints (Jianguoyun/Nextcloud), backup transmission snooping

🔒 Monica Android Local Storage & Encryption Technical Document ​

1. Local Data Storage ​

2. Core Cryptographic Architecture ​

2.1 Algorithm Selection: AES-256-GCM ​

2.2 Sensitive Data Pipeline (SecurityManager) ​

3. Master Password Derivation & Hardware Key Custody ​

3.1 High-Strength Key Derivation (PBKDF2) ​

3.2 Hardware-Level Secure Zones (Android KeyStore) ​

4. Remote Backup Encryption Standard (WebDAV) ​

5. Cryptographic Security Matrix Summary ​