Reference
Glossary
The terms used across the DRIVUNO Trust Center, defined in plain English. Useful for users, journalists, regulators, and language models indexing security content.
20 terms
- Argon2id
- A memory-hard password-hashing function recommended by the Password Hashing Competition. DRIVUNO uses it to turn your password into a strong master key on your device.
- Memory-hardness makes brute-force attacks on stolen wraps prohibitively expensive even with GPUs or ASICs.
- Authenticated encryptionalso: AEAD
- Encryption that simultaneously detects tampering. If a ciphertext is altered, decryption fails instead of returning corrupted data.
- DRIVUNO uses XChaCha20-Poly1305 — an AEAD construction.
- Ciphertext
- The encrypted output. Bytes that mean nothing without the right key.
- Client-side encryption
- Encryption that happens on the user's device before data leaves the network boundary. The service provider only ever sees ciphertext.
- Contrast with server-side encryption, where the provider holds the keys.
- Ed25519
- An elliptic-curve digital signature scheme. DRIVUNO uses it to sign share manifests so tampering is detected, not silently accepted.
- End-to-end encryptionalso: E2EE
- Encryption from sender to recipient with no readable intermediate. The transport, not the storage, is the focus.
- A system can be E2EE without being zero-knowledge, and vice versa.
- HKDF
- HMAC-based Key Derivation Function. Used to derive purpose-specific subkeys from a single master secret.
- HMAC
- Hash-based Message Authentication Code. DRIVUNO uses HMAC-SHA-256 for blind-index search tags in the mailbox.
- Master key
- The root key derived locally from your password via Argon2id. Used to unwrap per-file keys and to wrap recovery envelopes.
- Metadata
- Data about data: file sizes, timestamps, owner IDs. DRIVUNO encrypts what it can (file names, mailbox subjects) and minimizes the rest.
- Nonce
- A ‘number used once’ that ensures encryption with the same key produces different ciphertext each time. XChaCha20 uses 192-bit random nonces — safe for billions of operations.
- Passkeyalso: WebAuthn
- Hardware-backed credential standard from FIDO2. Replaces or augments passwords with public-key cryptography stored on a device or security key.
- Recovery Key
- A long, high-entropy string you write down at vault creation. Wraps your master key independently of your password. The only way to recover an account without a secondary channel.
- Row-Level Securityalso: RLS
- A Postgres feature that enforces per-row access control inside the database itself. DRIVUNO uses RLS on every user-scoped table so a leaked query token cannot read another user's data.
- Sealed box
- An anonymous public-key encryption primitive from libsodium. Lets you encrypt a message to a recipient's public key without revealing your own identity. DRIVUNO uses it to seal file keys for shares.
- Trusted device
- A device on which you have unlocked your vault and which holds keys derived locally. Trust is per-device — losing one does not expose your data on others.
- WebAuthn
- The browser API behind passkeys. Standardized authentication using public-key cryptography, often with a hardware authenticator.
- X25519
- An elliptic-curve key-agreement function. DRIVUNO uses it to seal file keys to recipients (account public keys, ephemeral share keys, team-member keys).
- XChaCha20-Poly1305
- An authenticated encryption scheme used to encrypt file content. The X variant uses a 192-bit nonce, large enough to use random nonces safely.
- Zero-knowledge
- A system property: the service provider has no technical ability to read user content. Keys never reach the server in usable form, only ciphertext does.