Dark Chocolate Software, LLC
Apps made using pure, undiluted, cocoa

Annals Security

The primary goal of Annals was safe, easy, and secure journal keeping.
This page will explain how we protect data.

First and foremost, all encryption, decryption, hasing, and random generation is done by the system library, CommonCrypto

All encryption is done using AES128 with a 256bit key, and hmac computation is done using SHA256, and key generation hashing uses SHA512

Each shelf is protected by a seperate password, so that cracking one shelf won't get them every entry in every shelf.

This password is used to protect the encryption keys for each shelf.
It is run through PBKDF2 a large number of times to generate a derived key and a derived hmac key, and to slow down key guessers
This is used to decrypt the master key, master hmac, overview key and overview hmac.
Each item, and its associated attachments are encrypted using per item keys
Data we need more frequently such as tags and locations are encrypted with the overview key

Key generation

To generate the master, overview and per item keys, we use SecRandomCopyBytes to get enough bytes for both our key and hmac pair, then this data is hashed with more random data to generate the keys

Data Format

All encrypted data follows the following format:
  • A prefix of 8 bytes representing andata01
  • Little endian UInt64 bytes representing the length of the unpadded data
  • 16 bytes of randomly generated IV
  • Padded encrypted data, padded out to the block size for AES128, enough to fill it out to an even division of the block size, or a full additional blocksize
  • The hash of all the proceeding data
Attachment data is written out to disk as a seperate file
All other data is converted to Base64 and stored in the database or backups as text

We keep only unlocked and in memory what needs to be unlocked for basic display

Potential threats

So, you are concerned about your journals, they have very private data. What are the possible threats.

The two most likely threats are a weak or easily guessed password, or that we screwed up. We do our best to ensure the safety and integrity of your data, but we won't try to claim perfection.

Next is an unlocked journal on a device, export functions are password protected, but the master keys of any unlocked shelves are already in memory.

There is also a possibility of inferrence drawing via the unencrypted meta data

  • Shelf names are unencrypted so that we can display them on the login screens
  • Entry date stamps are unencrypted for speed of loading the entry list
  • Links between tags, locations, attachments and entries are visible
  • Actual tag name is encrypted (and a hashed version for search purposes)
  • Specific location data is encrypted, and a less accurate version is hashed for searching purposes

Syncing and iCloud

There is a final possibility, and that is if you choose to use iCloud to sync, and someone compromises the layers of protection surrounding that, and then gets through all of the above as well

We chose to use Apple's CloudKit for two main reasons. Ease of use, and security

We already have experience syncing with CloudKit so the libraries were similar. Syncing is fast and easy for the kind of data we store

But what of security you say? It's the cloud, surely it isn't secure

First, all of the above happens on your devices, before we ever sync anything to Apple's end. Second, communication with iCloud happen's exclusively over https, using Apple's own libraries. Third, all Annals data is stored in your private database, and is encrypted on their servers using your account's keys.

For more information on iCloud security, see Apple's white paper

Best practices

There are some steps one can take to increase the security of one's journals and devices in general.

  • First, use a strong password, we won't list the whole littany of password strength techniques, but unique, long, mix of letters, numbers and symbols.
  • For super strong passwords, we recommend creating and storing them in an app such as 1Password
  • Second, use strong passwords on your devices and iCloud account. TouchID is good for quick access, but behind it should be a strong unique password, not a 4 digit pin.
  • If you are concerned about TouchID, it's use in Annals for iOS is completely optional
  • Enable iCloud two factor authentication
  • Do not jailbreak your device, and be careful what software you run on your Mac.

This is by no means a list of every security precaution, but its a good starting point