Lines Matching full:encryption
1 page.title=File-Based Encryption
29 Android 7.0 and above supports file-based encryption (FBE). File-based
30 encryption allows different files to be encrypted with different keys that can
34 This article describes how to enable file-based encryption on new devices
40 File-based encryption enables a new feature introduced in Android 7.0 called <a
44 encryption</a> (FDE), users needed to provided credentials before any data could
51 With the introduction of file-based encryption (FBE) and new APIs to make
52 applications aware of encryption, it is possible for these apps to operate
66 user to be protected at a time as the encryption is no longer based solely on a
70 The Direct Boot API allows encryption-aware applications to access each of these
81 A complete implementation of file based encryption on an Ext4 file system is
102 Android provides a reference implementation of file-based encryption, in which
106 to the core changes to use the <a href="#kernel-support">ext4 Encryption</a>
124 More examples of applications and services that are encryption aware can be
136 <li><strong>Kernel Support</strong> for ext4 encryption (Kernel config option:
142 sufficient protection for encryption keys.
150 <li><strong>Encryption performance</strong> in the kernel of at least 50MB/s
154 Encryption credentials are not accessible by an unauthorized operating
175 The AOSP implementation of file-based encryption uses the ext4 encryption
177 based on 4.4 or later. Ext4 encryption has also been backported to a 3.10 kernel
232 In addition to functional support for ext4 encryption, device manufacturers may
234 encryption and improve the user experience.
236 <h3 id="enabling-file-based-encryption">Enabling file-based encryption</h3>
280 <li>Specify the file encryption cipher suite: AOSP implementation of file-based
281 encryption uses AES-256 in XTS mode
283 <strong>Note</strong>: All encryption is based on AES-256 in
290 <h3 id="encryption-policy">Encryption policy</h3>
292 Ext4 encryption applies the encryption policy at the directory level. When a
299 created and the encryption policy links these keys to those directories.
302 In the current AOSP implementation, the encryption policy is hardcoded into this
341 all components in the app as being encryption aware.
363 Each user in a multi-user environment gets a separate encryption key. Every user
401 <li>Add this top level directory to the encryption policy exception (see <a
402 href="#encryption-policy">Encryption policy</a> above).
417 CTS encryption tests</a>.
456 file-based encryption works. It should not be necessary for device manufacturers
459 <h3 id="ext4-encryption">ext4 encryption</h3>
461 The AOSP implementation uses ext4 encryption in kernel and is configured to:
467 Disk encryption keys, which are 512-bit AES-XTS keys, are stored encrypted
