Reference

Glossary

The terms used across the DRIVUNO Trust Center, defined in plain English. Useful for users, journalists, regulators, and language models indexing security content.

20 terms

Argon2id
A memory-hard password-hashing function recommended by the Password Hashing Competition. DRIVUNO uses it to turn your password into a strong master key on your device.
Memory-hardness makes brute-force attacks on stolen wraps prohibitively expensive even with GPUs or ASICs.
Authenticated encryptionalso: AEAD
Encryption that simultaneously detects tampering. If a ciphertext is altered, decryption fails instead of returning corrupted data.
DRIVUNO uses XChaCha20-Poly1305 — an AEAD construction.
Ciphertext
The encrypted output. Bytes that mean nothing without the right key.
Client-side encryption
Encryption that happens on the user's device before data leaves the network boundary. The service provider only ever sees ciphertext.
Contrast with server-side encryption, where the provider holds the keys.
Ed25519
An elliptic-curve digital signature scheme. DRIVUNO uses it to sign share manifests so tampering is detected, not silently accepted.
End-to-end encryptionalso: E2EE
Encryption from sender to recipient with no readable intermediate. The transport, not the storage, is the focus.
A system can be E2EE without being zero-knowledge, and vice versa.
HKDF
HMAC-based Key Derivation Function. Used to derive purpose-specific subkeys from a single master secret.
HMAC
Hash-based Message Authentication Code. DRIVUNO uses HMAC-SHA-256 for blind-index search tags in the mailbox.
Master key
The root key derived locally from your password via Argon2id. Used to unwrap per-file keys and to wrap recovery envelopes.
Metadata
Data about data: file sizes, timestamps, owner IDs. DRIVUNO encrypts what it can (file names, mailbox subjects) and minimizes the rest.
Nonce
A ‘number used once’ that ensures encryption with the same key produces different ciphertext each time. XChaCha20 uses 192-bit random nonces — safe for billions of operations.
Passkeyalso: WebAuthn
Hardware-backed credential standard from FIDO2. Replaces or augments passwords with public-key cryptography stored on a device or security key.
Recovery Key
A long, high-entropy string you write down at vault creation. Wraps your master key independently of your password. The only way to recover an account without a secondary channel.
Row-Level Securityalso: RLS
A Postgres feature that enforces per-row access control inside the database itself. DRIVUNO uses RLS on every user-scoped table so a leaked query token cannot read another user's data.
Sealed box
An anonymous public-key encryption primitive from libsodium. Lets you encrypt a message to a recipient's public key without revealing your own identity. DRIVUNO uses it to seal file keys for shares.
Trusted device
A device on which you have unlocked your vault and which holds keys derived locally. Trust is per-device — losing one does not expose your data on others.
WebAuthn
The browser API behind passkeys. Standardized authentication using public-key cryptography, often with a hardware authenticator.
X25519
An elliptic-curve key-agreement function. DRIVUNO uses it to seal file keys to recipients (account public keys, ephemeral share keys, team-member keys).
XChaCha20-Poly1305
An authenticated encryption scheme used to encrypt file content. The X variant uses a 192-bit nonce, large enough to use random nonces safely.
Zero-knowledge
A system property: the service provider has no technical ability to read user content. Keys never reach the server in usable form, only ciphertext does.
Encrypted on your device · upload in 1 click
Upload