Key is stored unencrypted because of the assumption:īecause the contents of an adopted storage device are strongly tied to the Android device that adopted it, the encryption keys should not be extractable from the parent device, and therefore the storage device can't be mounted elsewhere.īut if you are already rooted and once you have the key, it's possible to decrypt the SD Card on a Linux machine using dmsetup. In case of Adoptable Storage implemented since Android M, key is saved at /data/misc/vold/expand_*.key, you don't need to dump memory but accessing /data requires root. userdata partition (on FDE as well as FBE) is hard (or impossible) to decrypt off-the-device because of hardware-backed encryption. In previous versions Android's default encryption for /data and Adoptable Storage was Full Disk Encryption (FDE) which is a custom implementation of dm-crypt. I cannot find any info about this use case which seems very strange to me. Using Android default sd card encryption (FDE/FBE), dumping memory to get access to the encryption key and using that from Linux to access files.Using Termux and rooting the phone to mount a gocryptfs or other encrypted file system.Changing my phone to one on which I can install UbPorts :).It doesn't seem that I can access files using regular apps using this solution. Their purpose is originally to encrypt files before storing them in the cloud. Commercial programs using their own file-based encryption but available on multiple platforms such as Boxcryptor, or Cryptomator. ![]() I have no idea how efficient this is performance-wise, or if it is safe for the card. I found this program : EDS which apparently can mount Luks volume if the phone is rooted. Full disk encryption methods such as Luks.In that sense, the phone is considered trusted once unlocked, so encryption should be transparent so that files are accessible via standard phone apps (i.e. My understanding is that most encryption methods are broken on Android for these purposes as the keys are often accessible from memory. Use case is protecting data, mostly pictures, from phone thief/finder, not from a gvt agency or police. ![]() As a consequence, native Android SD-card encryption is not a solution as the contents are not readable on other platforms, nor recoverable if the phone fails or needs a reset.
0 Comments
Leave a Reply. |