DataPad communication is protected using ECDH (Elliptic Curve Diffie-Hellman) key exchange with AES-GCM, an AEAD (Authenticated Encryption with Associated Data) cipher mode.
DataPad uses ECDH for secure key agreement between the server and Android device:
- Perfect Forward Secrecy: Each session uses unique ephemeral keys
- Mutual Authentication: Both server and client verify each other's identity
- Device Authorization: Server maintains a whitelist of authorized devices (`authorized_devices.json`)
- Session-based Encryption: AES-GCM encryption uses session keys derived from ECDH
- Algorithm: AES-256-GCM
- Key Derivation: HKDF-SHA256 with random salt
- Nonce: Counter-based nonces (prevent collisions and replay attacks)
- Authentication: HMAC-SHA256 for key confirmation
- Replay Protection: Sliding-window nonce validation
For complete setup instructions, see:
- ECDH Usage Guide - Step-by-step setup and configuration
- ✅ ECDH handshake protocol
- ✅ AES-GCM encryption with session keys
- ✅ Counter-based nonce generation (server side: 0x01 prefix)
- ✅ Device authorization via `authorized_devices.json`
- ✅ HKDF-SHA256 for key derivation
- ✅ ECDH key pair generation and storage in Android KeyStore
- ✅ Handshake client (ClientHello → ServerHello → KeyConfirm → Ack)
- ✅ AES-GCM decryption using session keys
- ✅ Counter-based nonce validation (client side: 0x00 prefix)
- ✅ Replay attack protection
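
The direction-prefixed counter nonces and sliding-window validation listed above can be sketched as follows. This is an added example, not DataPad's own code: the 12-byte layout (1 prefix byte plus an 11-byte big-endian counter), the 64-entry window, and the names `make_nonce` and `ReplayWindow` are assumptions; only the `0x01` and `0x00` prefixes come from this page.

```python
NONCE_LEN = 12          # 96-bit nonce, the size AES-GCM is designed around
SERVER_PREFIX = 0x01    # from the page: server-generated nonces
CLIENT_PREFIX = 0x00    # from the page: client-generated nonces
WINDOW = 64             # assumed window size (not stated on the page)

def make_nonce(prefix: int, counter: int) -> bytes:
    """Assumed layout: 1 direction byte followed by an 11-byte big-endian counter."""
    if not 0 <= counter < 1 << 8 * (NONCE_LEN - 1):
        raise ValueError("counter out of range: start a new session, never wrap")
    return bytes([prefix]) + counter.to_bytes(NONCE_LEN - 1, "big")

class ReplayWindow:
    """Tracks which peer counters were already accepted within a sliding window."""

    def __init__(self, peer_prefix: int, window: int = WINDOW):
        self.peer_prefix = peer_prefix
        self.window = window
        self.highest = -1   # highest counter accepted so far
        self.seen = 0       # bit i set => counter (highest - i) was accepted

    def _counter(self, nonce: bytes):
        if len(nonce) != NONCE_LEN or nonce[0] != self.peer_prefix:
            return None     # wrong size, or a nonce reflected from our own direction
        return int.from_bytes(nonce[1:], "big")

    def check(self, nonce: bytes) -> bool:
        """Run before decryption; does not change state."""
        c = self._counter(nonce)
        if c is None:
            return False
        if c > self.highest:
            return True
        offset = self.highest - c
        return offset < self.window and not (self.seen >> offset) & 1

    def commit(self, nonce: bytes) -> None:
        """Run only after the AES-GCM tag verified, so forgeries cannot move the window."""
        if not self.check(nonce):
            raise ValueError("nonce rejected")
        c = self._counter(nonce)
        if c > self.highest:
            shift = c - self.highest
            mask = (1 << self.window) - 1
            # A jump past the whole window clears it; avoids a huge left shift.
            self.seen = 1 if shift >= self.window else ((self.seen << shift) | 1) & mask
            self.highest = c
        else:
            self.seen |= 1 << (self.highest - c)
```

Each side keeps one `ReplayWindow` for the peer's prefix: the client expects `0x01`, the server expects `0x00`, which is what makes a reflected message fail the check.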
Note: Legacy PSK mode has been removed. All connections now use ECDH.
If you were previously using PSK mode:
- Update your server to the latest version
- Generate device keys on Android (automatic on first launch)
- Add your device ID to `authorized_devices.json` on the server
- Restart both server and Android app
See ECDH Usage Guide for detailed migration instructions.