Glossary

Terms used across the developer documentation. Each entry links to the page (or source file) where the concept is specified.

Keys and Derivation

Master Seed — The 256-bit root secret created at identity setup. Every other key derives from it (directly or via HKDF); it is what a backup protects and what recovery restores. See Key Types.

Identity Signing Key — Ed25519 signing key. Uses the raw master seed directly (an Ed25519 requirement), not an HKDF derivation.

SMK (Shredding Master Key) — Root of the crypto-shredding hierarchy, derived once from the master seed (Vauchi_Shred_Key_v2) and held in platform secure storage. Destroying the SMK renders all locally encrypted data unreadable — that destruction is crypto shredding.

SEK (Storage Encryption Key) — Derived from the SMK (Vauchi_Storage_Key_v2); encrypts all local SQLite data at rest.

FKEK (File Key Encryption Key) — Derived from the SMK (Vauchi_FileKey_Key_v2); encrypts file key storage.

CEK (Content Encryption Key) — Random 256-bit key, one per contact, wrapping that contact's card data so a single contact's content can be shredded independently. See vauchi-core/src/crypto/cek.rs.

HKDF domain separation — Every derivation path uses a unique info string (e.g. Vauchi_Mailbox_v1); the full table is in the Cryptography Reference.

Protocol

X3DH — Extended Triple Diffie-Hellman key agreement used at contact exchange to establish the initial shared secret. See Contact Exchange.

Double Ratchet — Signal-style ratchet giving forward secrecy and break-in recovery for card updates between two contacts. Limits: 2000 chain generations, 1000 stored skipped keys. See Cryptography Reference.

Mailbox token — Anonymous, daily-rotating routing identifier derived via HKDF from the per-pair shared key (or the master seed for a device's own sync token). The relay routes by token and never sees a stable identity; public keys are never routing identifiers.

OHTTP (Oblivious HTTP) — RFC 9458 relaying that hides client IP addresses from the relay; the OHTTP gateway and the relay must be run by distinct operators. See Transport Encryption.

SPKI pinning — TLS certificate pinning against the SHA-256 hash of the server's SubjectPublicKeyInfo (RFC 7469 style), so a pin survives certificate renewal under the same key.

WBEX — The 4-byte magic prefix identifying a Vauchi exchange payload in QR codes (currently format v3). A historical protocol identifier with no current expansion. See Contact Exchange.

Data Protection

Crypto shredding — Deleting data by destroying the key that encrypts it (SMK or a per-contact CEK) instead of overwriting the ciphertext.

Duress PIN — A secondary unlock credential that shows a decoy contact list and silently alerts trusted contacts, for users unlocking under coercion. See Security.

Decoy contacts — The plausible fake contact list presented in duress mode, stored separately from real contacts.