Security First

Security is the foundation, not a feature

At Cryptiqo, security is a design principle applied from the first line of code — not a layer added later. We favour secure-by-default behaviour, least privilege and a small, transparent attack surface, and we only make claims our documentation supports.

Manifesto

Our security principles

Secure by default

Strong encryption is active from the first launch. There is no insecure mode to forget to turn off.

Least privilege

The app requests only what it genuinely needs: the camera while scanning, and the network only for an optional backup.

Reduced attack surface

No backend servers, no user accounts and no always-on connectivity means far fewer places for things to go wrong.

Dependency minimization

A deliberately small, reviewed dependency set keeps the supply chain and attack surface manageable.

CardVault in practice

Cryptographic primitives

The building blocks used to keep CardVault data confidential and tamper-evident.

Symmetric encryption (images, backups, key wrapping)
  Primitive: AES-256-GCM
  Notes: Authenticated encryption; 96-bit random IV per message; authentication tag verified on decrypt.

Passphrase key derivation
  Primitive: Argon2id
  Notes: Memory-hard, resistant to GPU/ASIC brute force; parameters tunable.

KDF fallback
  Primitive: PBKDF2-HMAC-SHA256
  Notes: Always available via JCE; high iteration count.

Database encryption
  Primitive: SQLCipher (AES-256)
  Notes: Transparent, page-level encryption of the SQLite file; pages are decrypted only as they are read, so the app can query without first decrypting the whole database.

Key wrapping
  Primitive: Android Keystore
  Notes: Hardware-backed where available (StrongBox / TEE); wraps the database key.

Key hierarchy

Keys derived from a secret only you know

Your passphrase derives a key-encryption key that exists only in memory. A random 256-bit database key is wrapped by an Android Keystore key and stored as ciphertext, and the database itself is encrypted with SQLCipher.

  • The passphrase never leaves the device and is never stored in plaintext.
  • Sensitive buffers are zeroized in memory after use.
  • A one-time recovery passphrase prevents permanent lock-out.

  Passphrase  →  Argon2id / PBKDF2  →  Key-encryption key (in memory only)
      →  Database key (256-bit, wrapped by Android Keystore)
      →  SQLCipher database (encrypted at rest)
Threat model

Designed against real threats

CardVault’s threat model uses the STRIDE methodology. A summary of key threats and mitigations:

Lost / stolen device

Data encrypted at rest; Keystore key bound to device; biometric / passphrase gate.

Malicious app reading files

Database and images are ciphertext; keys live in the Keystore.

Cloud account compromise

Backups are ciphertext; an attacker cannot decrypt without the passphrase.

Provider / developer access

Zero-knowledge: no keys or plaintext leave the device; there is no server component.

Brute-force of passphrase

The Argon2id memory-hard KDF makes every guess expensive; a passphrase policy enforces a minimum strength.

Tampered backup

GCM authentication tag plus checksum validation reject modified packages.

Honest about limits: a compromised or rooted device with an unlocked session can observe in-memory secrets, and protecting the one-time recovery passphrase is the user’s responsibility. Key escrow beyond the recovery passphrase is intentionally not provided.

Questions

Security FAQ

What encryption does CardVault use?

AES-256-GCM authenticated encryption for images, backups and key-wrapping payloads; SQLCipher (AES-256) for the database; Argon2id for passphrase key derivation, with PBKDF2-HMAC-SHA256 as a fallback.

How are encryption keys protected?

The random 256-bit database key is wrapped by an Android Keystore key — hardware-backed via StrongBox or a TEE where available — and stored as ciphertext. The passphrase-derived key exists only in memory for the duration of a session.

Can the developer or provider read my data?

No. The key that unlocks your data is derived from your passphrase, which never leaves the device and is never stored in plaintext, and the database key is stored only in wrapped (encrypted) form. There is no server component, so there is nothing for a provider to read.

How is tampering detected?

AES-256-GCM is authenticated encryption: any modification to the ciphertext, nonce or tag fails tag verification on decrypt, and no plaintext is released. Backups additionally carry a checksum that is validated before decryption. The checksum catches corruption early; it is not a tamper defence on its own, because whoever modifies a file can recompute it, so the GCM tag is what rejects deliberate modification.

What is explicitly out of scope?

A compromised or rooted device with an unlocked session can observe in-memory secrets, and shoulder-surfing of the one-time recovery passphrase is the user’s responsibility. Key escrow beyond the recovery passphrase is intentionally not provided.

Software that respects you by default.

CardVault is the first Cryptiqo product — a practical demonstration of privacy-first, security-focused, offline-first software.