Crow Backup

Whitepaper

Crow Backup is a software that allows for the creation of backups on friends’ computers in a simple and secure manner.

To do this, both install the Crow Backup Client application, add each other as friends, allocate storage space, and can then create encrypted backups for each other.

Encryption

All backup data is encrypted locally before being transferred to friends. The encryption is two-stage, from the password, a “Ciphering Data” is created and then used to encrypt the files. The implementation of the algorithms matches the standard implementation in the JDK from Adoptium, unless otherwise noted.

Algorithm for the Files

The encryption algorithm for the files and metadata is AES/CBC/PKCS5Padding with a key length of 256 bits. The key for encrypting the data is the “Ciphering Data”.

Ciphering Data

The Ciphering Data is a randomly generated password created by the official Java class javax.crypto.KeyGenerator. It is designed to decouple the encryption of files from the password of a user. This randomly generated password is generated during registration and then stored on the hard drive, as well as encrypted and stored on a Crow Backup Server and with all friends in case of data loss.

The encryption algorithm of the Ciphering Data is the same as that of the files, but a different key is obviously used here. The key for the Ciphering Data is a PBKDF2WithHmacSHA512 hash based on the user’s password and a salt consisting of the SHA-256 hash of the user’s email address.

Message Signature

To ensure that messages really come from the friend (e.g., very relevant for messages about deleting backups), the messages are signed. The signature is made with SHA3-512withDSA with 3072 bits. The Private Key is encrypted and stored with the Ciphering Data. The Public Key is sent to all friends for signature verification, as well as to the server.

Client-Server Registration

Additionally, the client also registers with a Crow Backup Server to manage friendships and find connections with friends.

For this, the password is hashed twice. First on the client once, from which the server login is derived. To always get the same server login, a constant salt is used on the client, consisting of the SHA-256 hash of the user’s email address. Then the server login is also hashed on the server, to be able to securely store it there. This time, however, a random salt is used. For these two hashes, Argon2 with an implementation by Moritz Kammerer is used.

Transfer

Crow Backup supports various ways for friends to transfer data to each other. Since all data is completely encrypted locally, the transfer does not need to be encrypted additionally.

Connection Setup

In the local network, the computers automatically find each other with a UDP broadcast. If this does not work, the known IP addresses are sent to the Crow Backup Server and the friends can retrieve them from there. After that, Crow Backup can connect with these IP addresses, provided that the corresponding address is reachable and not, for example, in another network or behind a firewall.

Transfer

If the friends are directly reachable, the data is transferred on TCP Port 58300. If this is not possible, the data can also be stored like a letter box on a Crow Backup Server and then downloaded by friends from there. This is, however, due to limited resources a slower variant. It is therefore recommended to set up port forwarding for TCP Port 58300 on the local router.

Data Retention

When using Crow Backup, various data is generated. Locally, these are stored in the user directory in the subfolder .crow. Primarily, these are the stored (encrypted) backups from friends. Additionally, metadata from the user and analysis data from Crow Backup are generated.

Also, data is generated on the Crow Backup Servers. If no direct connection between the users can be established, the (encrypted) backups are temporarily stored on these servers for transmission. Additionally, further metadata, which is necessary for operation, is stored – as mentioned in the chapter “Client-Server Registration”. The goal is always to store as little data as possible, and only as much as necessary. Crow Backup takes the privacy of its users very seriously. The Crow Backup Servers are all located in Switzerland and the data is processed at least according to Swiss data protection laws.

Glossary

  • Argon2: One of the most modern password hashing algorithms.

  • AES: “Advanced Encryption Standard”, one of the most commonly used symmetric encryption methods today.

  • CBC: “Cipher Block Chaining”, a method for linking blocks in an encryption.

  • DSA: DSAs are standardised procedures for asynchronous signature of data using a public and a private key (see Public-/Private-Key).

  • Friend: A trustworthy person with whom a user can store backups.

  • Hash: An algorithm used for encrypting passwords that cannot be reversed in principle.

  • Java: One of the most commonly used programming languages today.

  • PBKDF2: “Password-Based Key Derivation Function 2”, one of the most commonly used procedures to derive a key for symmetric encryption from a password.

  • Private Key: This is the secret part of the Public-/Private-Key key pair and is used for signing data.

  • Public Key: This is the public part of the Public-/Private-Key key pair and is used for verifying signatures.

  • Salt: Usually a random string that is appended to a password to make it harder to crack.

  • SHA: “Secure Hash Algorithm”, one of the most commonly used hashing algorithms today.

  • TCP: “Transmission Control Protocol”, a connection-oriented network protocol.

  • UDP: “User Datagram Protocol”, a connectionless network protocol.