Skip to the content.

RFC 0004: Encryption & Key Storage


Summary

Specifies encryption at rest for passport sections and master key storage on the user’s machine.

Aligned with SECURITY.md.


Motivation

Passport files may sit on disk backups, sync folders, or compromised filesystems. Section-level encryption limits blast radius.


Encryption

Algorithm

Section keys

sectionKey = HKDF-SHA256(
  ikm = masterKey,
  salt = sectionId UTF-8,
  info = "ai-passport-section",
  length = 32
)

Each section (identity, coding, …) has an independent derived key.

Encrypted envelope

~/.ai-passport/passport.json:

{
  "version": "1.0.0",
  "sections": {
    "identity": {
      "ciphertext": "base64(ciphertext || authTag)",
      "nonce": "base64",
      "alg": "AES-256-GCM",
      "updated_at": "ISO-8601"
    }
  }
}

Plaintext passport document is never written to disk.


Master key storage

Priority order:

  1. OS keychain (preferred)
    • Service: ai-passport
    • Account: master-<sha256(home)[0:16]> (per passport home directory)
  2. File fallback~/.ai-passport/keys/master.key (mode 0600) when keychain unavailable

Legacy account master supported for migration on default home only.

Reference file: keys/master.keyref records storage kind.


Threat model (v1)

Threat Mitigation
Stolen passport.json Useless without master key
Leaked section ciphertext Other sections remain protected
Malicious consumer Grants + filtered export only
Revoked consumer Grants + tokens cleared

Out of scope


Operational notes


Implementation


Drawbacks