I had some files/photos, etc. on the Gallery Vault app on my phone - they were saved to my SD card. My SD card has been lost/possibly stolen. I just wanted to check if someone could access these files in any way? I assume the answer is no, but just wanted to check.

I want to extend my storage using an SD card. To ensure the data is secure even if the phone is lost or stolen, the SD Card should be encrypted. So formatting the card as portable storage is out. Requirements: - Encrypted - Ability to decrypt and access data using a PC (Linux machine is fine) - SD card should be usable by common apps. - Even when formatting the SD card as adoptable storage, some apps cannot be moved and don't give the option to use said adoptable storage. They do give the option to store their data on a card formatted as portable storage. - Read/write speeds should not be significantly lower than when using SD card normally. - Nice to have: I can still restrict which apps have access where to keep separation and avoid a shared storage space accessible to all apps. I found a couple of other threads on this topic, however, it seems with newer Android versions and scoped storage, these previous methods have some limitations. Considered options: - Format as adoptable storage and move apps there. - Issue 1: not all apps can be moved, some data, like photos/videos are still stored internally. - Issue 2: Decryption isn't easily possible, guides such as [this one](https://android.stackexchange.com/questions/145443/how-to-decrypt-adopted-storage/145446#145446) appear to be outdated. I believe the encryption mode has changed. (If someone has pointers to adapt this to current versions of Android, I'd be thankful). - Set up a LUKS encrypted partition. Various instructions exist on how to set this up in principle, including this [handy script](https://github.com/pegelf/Android-LUKS-mount/blob/e05de18a770cc63a04b86922d12e5af27f449666/01-mount-luks-sd.sh) . - Seems to work in principle, in that I can mount and access the encrypted file system somewhere in /storage/emulated/0/. However, I've not been able to figure out how to get apps to actually be able to write to that mount, given the scoped storage concepts in Android -> permissions error. - Also, some apps don't provide the option to alter the location where they store data, as long as they don't believe an SD card is inserted (e.g. camera storing photos). - **EDIT:** Actually, my main issue here seems to be SELinux. If I setenforce 0, I can use this mount. I haven't found a way around this without significantly weakening security. The perfect solution would be if I could get the phone to think it sees a SD card in "portable storage" mode, which is actually a LUKS-encrypted partition on the card under the hood. Any ideas/pointers on how to set up something like this or similar? Environment: rooted LineageOS 22.1

I have a full phone backup of a LineageOS 21 (Android 14) install containing all partitions copied to my Linux PC. I can mount several partitions, such as /system. However, the /data partition /dev/block/sda19 is of course encrypted. I have the full phone backup. I know my Android PIN. How do I manually decrypt and mount the /data partition?

This is my Android TV Box: [Dune HD Homatics Box R 4K Plus](https://www.dune-hd.com/products/homatics-box-r-4k-plus) , an Android TV 11 Media Player. I use it only to playback movies from my LAN. My internet is quite bad, not good enough for high-quality streaming from the internet. I am very much on the security side of things. The streaming box isn't allowed to access the internet, for example. Since I do stream family videos in HDR10 (which Windows often can't, unfortunately...), etc. I just want to protect this stuff. I do the same on all my other devices, but I'm very new to Android since I don't use a smartphone to this day (still Nokia 3310). I use encryption on all my Desktops and Laptops, so I want to implement this here as well, even though I just stream stuff from network resources. I want protection against someone with physical access to the device. That's why I want encryption of local files on this box. I can add here that to my knowledge, the device doesn't come with onboard encryption systems. So far, I can't find any option for password protection, so I guess there is no encryption activated at all. I'd like to go for one of these options: 1. Full Disk Encryption 2. Encrypt the apps and whatever data they write to the device. I heard about apps like Cryptomator or EDS. They offer container-based encryption as far as I can see. Full Disk Encryption, I guess isn't possible since Android 9. However, is there a way to force apps into containers or at least route their data (cache, temp, etc.) to the container files?

I have a similar goal as discussed here 5,5 years ago: But I'd prefer to use a file-based approach on-top of a "removable storage" setup managed by Android, so I can dynamically choose how much of it I want to use to store my private encrypted files only readable by this phone and other devices where I enter the key - and how much for unencrypted files I can share with other people by removing the microSD-card from my phone. I managed to easily setup a gocryptfs volume using the DroidFS app installed via F-Droid and also mount it via a Termux root shell with gocryptfs /storage/67DF-FCFD/DroidFS /mnt/crypt -nosyslog -allow_other The remaining obstacle is how to make that decrypted view = mount of my gocryptfs volume available for any app to read from and write to? I thought I could use a bind mount, see also: and But so far everything I tried failed:

# mount | grep /crypt
/storage/67DF-FCFD/DroidFS on /mnt/crypt type fuse.gocryptfs (rw,nosuid,nodev,relatime,user_id=0,group_id=0,default_permissions,allow_other,max_read=1048576)
tmpfs on /mnt/crypt type tmpfs (rw,seclabel,nosuid,nodev,noexec,relatime,size=3900340k,nr_inodes=975085,mode=755,gid=1000)

# ls -alih /mnt/crypt/1/
total 5.2M
1048987 -rwxrwx---. 1 root media_rw 773K Mar 11 22:06 IMG_20250311_220628_348196.jpg
1048988 -rwxrwx---. 1 root media_rw 2.1M Mar 11 22:06 IMG_20250311_220639_873732.jpg
1048989 -rwxrwx---. 1 root media_rw 2.1M Mar 11 22:06 IMG_20250311_220644_933558.jpg

# nsenter -m -t pgrep rs.media.module -- mount -o bind /mnt/crypt/1 /storage/emulated/0/crypt
CANNOT LINK EXECUTABLE "mount": library "/data/data/com.termux/files/usr/lib/libtermux-exec.so" not found: needed by main executable

$ su -Mc mount -o bind /mnt/crypt/1 /storage/emulated/0/crypt
mount: '/mnt/crypt/1'->'/storage/emulated/0/crypt': No such file or directory

Please help! Thank you :)

I used a micro SD card in a Nokia Smartphone for years as internal storage. I ejected it to test if *another phone* detects this type of SD card. Although we planned to just see if it is detected, certain off-topic factors led to the acceptance of Google's suggestion to '*format it as internal storage*'. **As long as my phone still remembers the decryption, is there a way to recover** my Photos, GPS-tracks, Text-Notes and other data, despite being *encrypted* with the known key *and formatted* by another phone? ---------- My assumptions: * data from a non-encrypted card can often be retrieved mainly because the raw data still 'looks like' photos, mp3 etc; * encrypted data doesn't 'look like' anything, so recovery tools won't find anything; * Even if my phone doesn't care about data parts but about some 'yes I am your encrypted storage do not format me' file, a recovery tool would need the *decryption information* to look for the original content (i.e. *how to extract it* from the phone plus tell the tool?) ---------- Side note/non-duplicate: Similar questions that I found always have somebody losing the decryption key and I agree that recovery should be impossible in those cases.

I have a Redmi Note 4 (mido) Android phone with a broken screen: the screen lights up, but otherwise it stays entirely "black". I already replaced the screen, but with no luck - the cause of the error must be somewhere else. The phone has data-encryption enabled with an unlock-pattern. Now I'm trying to access the data on the phone, but did not succeed so far. Here is what I've done so far: - Connected the phone to a PC over USB. - Started the phone in fastboot-mode by pressing and holding the buttons vol-down and power simultaneously. - Booted the latest version of TWRP for mido : fastboot boot twrp-3.3.1-0-mido.img. - Opened adb shell and presumably managed to decrypt the data (found instructions in the TWRP Commandline Guide ): TWRP decrypt: ~ # twrp decrypt 41236 Attempting to decrypt data partition via command line. Data successfully decrypted, new block device: '/dev/block/dm-0' Updating partition details... ...done Unable to mount storage ~ # Unfortunately, the block device /dev/block/dm-0 cannot be mounted. This is the result of fdisk: ~ # fdisk -l /dev/block/dm-0 Disk /dev/block/dm-0: 57.0 GB, 57033580032 bytes 255 heads, 63 sectors/track, 6933 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Disk /dev/block/dm-0 doesn't contain a valid partition table So I pulled an Image of the block device with adb pull /dev/block/dm-0. This image has a size of 57,033,580,032 bytes. I tried to mount this image in Ubuntu 20.04, but did not succeed: # file /media/sf_U_DRIVE/Note4Data/dm-0.img /media/sf_U_DRIVE/Note4Data/dm-0.img: data # fdisk -l /media/sf_U_DRIVE/Note4Data/dm-0.img Disk /media/sf_U_DRIVE/Note4Data/dm-0.img: 53,12 GiB, 57033580032 bytes, 111393711 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes # mount -o loop /media/sf_U_DRIVE/Note4Data/dm-0.img /mnt/Note4Data mount: /mnt/Note4Data: wrong fs type, bad option, bad superblock on /dev/loop3, missing codepage or helper program, or other error. # mount -t ext4 -o loop /media/sf_U_DRIVE/Note4Data/dm-0.img /mnt/Note4Data [ 6986.649794] EXT4-fs (loop3): VFS: Can't find ext4 filesystem mount: /mnt/Note4Data: wrong fs type, bad option, bad superblock on /dev/loop3, missing codepage or helper program, or other error. # mount -t f2fs -o loop /media/sf_U_DRIVE/Note4Data/dm-0.img /mnt/Note4Data [ 7004.610412] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 7004.615289] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock mount: /mnt/Note4Data: wrong fs type, bad option, bad superblock on /dev/loop3, missing codepage or helper program, or other error. I wonder if I need to mount the image in another way (with offsets? with LVM?) or if the decryption did not work. TWRP creates a log file in **/tmp/recovery.log**. After running the twrp decrypt command, the following lines are added: I:Command 'decrypt 41236' received I:Set page: 'singleaction_page' I:operation_start: 'TWRP CLI Command' Attempting to decrypt data partition via command line. D:crypt_ftr->fs_size = 111393711 I:starting verify_hw_fde_passwd I:Using scrypt with keymaster for cryptfs KDF I:TWRP keymaster max API: 3 I:Signing safely-padded objectkeymaster module name is Keymaster QTI HAL keymaster version is 256 Found keymaster1 module, using keymaster1 API. I:Extra parameters for dm_crypt: fde_enabled ice I:target_type = req-cryptI:real_blk_name = /dev/block/mmcblk0p49, extra_params = fde_enabled iceE:test mount returned 0 I:Found no matching fstab entry for uevent device '/devices/virtual/block/dm-0' - add I:Found no matching fstab entry for uevent device '/devices/virtual/block/dm-0' - change Data successfully decrypted, new block device: '/dev/block/dm-0' I:Can't probe device /dev/block/dm-0 I:Unable to mount '/data' I:Actual block device: '/dev/block/dm-0', current file system: 'ext4' Updating partition details... I:Can't probe device /dev/block/dm-0 I:Unable to mount '/data' I:Actual block device: '/dev/block/dm-0', current file system: 'ext4' I:Unable to mount '/sdcard1' I:Actual block device: '', current file system: 'auto' I:Unable to mount '/usb-otg' I:Actual block device: '', current file system: 'auto' ...done I:Can't probe device /dev/block/dm-0 I:Unable to mount '/data' I:Actual block device: '/dev/block/dm-0', current file system: 'ext4' Unable to mount storage /data | /dev/block/dm-0 | Size: 0MB Used: 0MB Free: 0MB Backup Size: 0MB Flags: Can_Be_Mounted Can_Be_Wiped Can_Be_Backed_Up Wipe_During_Factory_Reset Wipe_Available_in_GUI IsPresent Can_Be_Encrypted Is_Encrypted Is_Decrypted Has_Data_Media Can_Encrypt_Backup Use_Userdata_Encr Symlink_Path: /data/media Symlink_Mount_Point: /sdcard Primary_Block_Device: /dev/block/mmcblk0p49 Decrypted_Block_Device: /dev/block/dm-0 Crypto_Key_Location: footer Length: -16384 Display_Name: data Storage_Name: Internal Storage Backup_Path: /data Backup_Name: data Backup_Display_Name: Data Storage_Path: /data/media Current_File_System: ext4 Fstab_File_System: ext4 Backup_Method: files MTP_Storage_ID: 65539 I:Unmounting main partitions... I:Done reading ORS command from command line I:operation_end - status=0 I:Set page: 'decrypt_pattern' I:Set page: 'main' I:Set page: 'clear_vars' I:Set page: 'main2' SELinux contexts loaded from /file_contexts Full SELinux support is present. I:Can't probe device /dev/block/dm-0 I:Unable to mount '/data' I:Actual block device: '/dev/block/dm-0', current file system: 'ext4' I:Unable to mount settings storage during GUI startup. I:Copying file /cache/recovery/log to /cache/recovery/last_log I:Can't probe device /dev/block/dm-0 I:Unable to mount '/data' I:Actual block device: '/dev/block/dm-0', current file system: 'ext4' I:Can't probe device /dev/block/dm-0 I:Unable to mount '/data' I:Actual block device: '/dev/block/dm-0', current file system: 'ext4' Unable to mount /data/media/TWRP/.twrps I:Attempt to load settings from settings file... I:InfoManager file '/data/media/TWRP/.twrps' not found. I:Backup folder set to '/data/media/TWRP/BACKUPS/f707e0500604' I:Copying file /etc/recovery.fstab to /cache/recovery/recovery.fstab I:Version number saved to '/cache/recovery/.version' I:Can't probe device /dev/block/dm-0 I:Unable to mount '/data' I:Actual block device: '/dev/block/dm-0', current file system: 'ext4' I:Unable to mount '/sdcard1' I:Actual block device: '', current file system: 'auto' I:Unable to mount '/usb-otg' I:Actual block device: '', current file system: 'auto' I:TWFunc::Set_Brightness: Setting brightness control to 255 I:PageManager::LoadFileToBuffer loading filename: '/twres/languages/en.xml' directly parsing languageFile parsing languageFile done I:Translating partition display names I:Backup folder set to '/data/media/TWRP/BACKUPS/f707e0500604' I:Starting MTP I:[MTP] Starting MTP I:Can't probe device /dev/block/dm-0 I:Unable to mount '/data' I:Actual block device: '/dev/block/dm-0', current file system: 'ext4' MTP Enabled I:Check_Lifetime_Writes result: '648837' I:Switching packages (TWRP) I:Starting Adb Backup FIFO I:Set page: 'main' I:Set page: 'clear_vars' I:Set page: 'main2' I:[MTP] created new mtpserver object I:[MTP] MtpServer::run fd: 18 I:TWFunc::Set_Brightness: Setting brightness control to 5 I:TWFunc::Set_Brightness: Setting brightness control to 0 Any ideas what I should try next or where I could find helpful information?

I've got a locked Samsung Galaxy Note 10+ 5G (running the latest android 10 and patches) The phone is locked with a pattern (unknown) What are my chances of any data extraction with cellebrite or other forensics tools while I can not unlock the phone? Also how secure is Knox efuse? will it damage the phone/data when an untrusted bootloader is detected?

My photos were encrypted on my phone, a Samsung Galaxy S20 FE with an SD card, but I had a problem with the fingerprint sensor which forced me to factory reset my phone. After that, I can't access any photos. It thinks that the phone has changed. Is there a solution to make the photos known on mobile?

How would I go about encrypting my brand new 256GB SD-card, which is meant for my Android phone, considering the following: - Card should be usable across multiple Android devices, and other platforms (Linux..). As a consequence, native Android SD-card encryption is not a solution as the contents are not readable on other platforms, nor recoverable if the phone fails or needs a reset. - Use case is protecting data, mostly pictures, from phone thief/finder, **not** from a gvt agency or police. My understanding is that most encryption methods are broken on Android for these purposes as the keys are often accessible from memory. In that sense, the phone is considered trusted once unlocked, so encryption should be transparent so that files are accessible via standard phone apps (i.e. pictures show in Gallery). Ideas: - Full disk encryption methods such as Luks. I found this program : EDS which apparently can mount Luks volume if the phone is rooted. I have no idea how efficient this is performance-wise, or if it is safe for the card. - Commercial programs using their own file-based encryption but available on multiple platforms such as Boxcryptor, or Cryptomator. Their purpose is originally to encrypt files before storing them in the cloud. It doesn't seem that I can access files using regular apps using this solution. - Changing my phone to one on which I can install UbPorts :) - Using Termux and rooting the phone to mount a gocryptfs or other encrypted file system - Using Android default sd card encryption (FDE/FBE), dumping memory to get access to the encryption key and using that from Linux to access files - Other welcome idea ! I cannot find any info about this use case which seems very strange to me.. Thank you very much for any input !

The question is simple, I just want to know what does below message means? > ### Your encrypted data is locked on this device > > For security, you can no longer access your encrypted data on this device. Try again using a device that you’ve recently used to sign in to your Google Account.

If someone doesn't know the password required on boot, is there a way to access the data on the device? It should be encrypted, but I read about Samsung adding something called Maintenance Mode where you can prevent repair techs from accessing your data. From this I assume it's otherwise possible for them to access your data even if they don't know the password. And if a repair tech can access the data, then a phone thief can as well. If this data can't be accessed, then what's the point of Maintenance Mode and similar features on other brands?

Does the database password ever get sent to the Google servers if I use KeepasDX app to open and decrypt a file stored on Google Drive storage via SAF? If I am opening a .kdbx database file through generic android file picker (documentsui, invoked by the app upon clicking "Use existing database" button) using Google Drive's SAF (Storage access framework to do so) will the password/has/key be shown to the server when I decrypt it inside the app or is the decryption done locally?

- Say I have Android 10+. (This means phone is encrypted with FBE?) - I am using internal storage I want to copy files to my desktop. - I just need USB cable and choose use it for File Transfer. - On Windows I could use quick share? These are the only two methods not using intermediaries (Google photos, Dropbox) Would this methods work as well if I install SD Card?

I have noticed that fingerprint unlocking on Android is pretty insecure. If you make 5 failed attempts (which is quite a lot), the phone just disables the scanner for 30 seconds and then re-enables it. I would like to reduce the number of attempts before disabling the scanner, and then set it to require the password before unlocking. Google searches for this have revealed many pages of results of people wanting to make their phones _less_ secure by increasing the number of attempts or disabling the horrific 30 second waiting period, but am I the only one concerned that it is pretty insecure as it is? I don't want to have to disable fingerprint unlock, as I have a very secure password set that would be a bit of a pain to enter every time I unlocked my phone. Likewise with passwords, the "Automatically wipe after x failed password attempts" option seems to have disappeared from my phone as of the Oreo update, and there is a fixed 30 second waiting period every 5 attempts, which means that with a reasonable pool of guesses, anyone could brute force my password with enough tries. How can I reduce the number of attempts required before disabling the fingerprint scanner and then set it to require my password before unlocking?

I have a Galaxy S3 with OS 4.4.4 and am required to encrypt it for my job. I greatly prefer to use the PIN lock screen instead of the password due to the annoyance of having to type in the password every time you want to check your phone. After updating to 4.4.4 and setting up the phone from a factory reset it will ONLY allow me to choose "Password" for the lock screen type when I go to encrypt. However, I have been able to select both "Password" and "PIN" before 4.4.4/factory reset. (now the PIN option is grayed out and says 'Turned off by administrator, encryption policy, or credential storage'). What exactly has caused my phone to no longer accept the PIN? Was there some update to the security settings? Is there any way to restore the PIN functionality?

**Phone:** Google Pixel 3a XL **OS:** Lineage **Goal:** Retrieve personal data like photos **Problems:** Forgot password pattern; user data encrypted I **forgot the password pattern** to my Google Pixel 3a XL and want to **get my photos** out before doing a factory reset. **What I've done already:** 1. Entered Recovery Mode 2. Enabled ADB and connected Phone to Laptop (Arch Linux (Manajaro)) 3. Flashed TWRP image onto phone: adb reboot boatloader, fastboot boot twrp.img 4. With TWRP UI on phone, I deleted a db file related to passwords in folder data/system/ 5. Also accidentally deleted device_policies.xml, but created a new device_policies.xml and pushed it via adb 6. Booted OS/Lineage normally 7. Wasn't asked for a password anymore, but on display, it was saying "Smartphone is starting...", but nothing happened* 8. I was still able to swipe from top downwards, connected to WiFi, opened the settings, enabled USB debugging, and set a new password (this time 4 digits) 9. Repeated 1.-3., created backup with TWRP, did some other things with TWRP that I don't recall anymore (did not delete any more files though;) 10. Booted OS/Lineage normally again 11. Tried to decrypt the phone via settings, but the option seemed disabled 12. Repeated 1.-3. 13. Tried to decrypt data via TWRP - was asked for a password but the one I created before (see step 8) wasn't accepted 14. Tried to pull data via adb but no permission (I'm SU, rooted) 15. Now trying to boot OS normally fails - infinite Lineage logo animation **What I would like to achieve:** I only care about **retrieving my personal data** from the main user profile of that phone - i.e. the photos. The problem is that neither can I pull data via adb nor decrypt the data via TWRP. What options do I have left now? Please help - and keep in mind that I'm a complete noobie. Could I somehow get the whole (relevant) partition out of the phone onto my laptop and then maybe try to decrypt the data using some brute force tool? Or is there maybe an easier way to get the data? ***) Update:** Don't know if the "Smartphone is starting..." message is related to the previously taken steps, since it only appeared after swiping to open the screen - which wasn't possible before due to the password protection which I bypassed by deleting that file (see 8.)

I accidentally wiped the **metadata** partition along with **Dalvik/ART Cache** and **Cache** using TWRP and now I can't boot into the OS. **Internal Storage** and **USB-OTG** were excluded. I know that the data is still on the phone, but that it's encrypted, so I've already tried the following: 1) Inside TWRP > Wipe > Advanced Wipe, I tried to **Repair or Change File System**, but no luck there. 2) I connected the phone to a PC and used these adb commands to try to backup the raw data: - *adb pull /dev/block/by-name/userdata* - *adb pull /dev/block/by-name/metadata* This backed up everything (128 GB of userdata - the whole phone memory, and the metadata partition which is 16 MB), so If I'm correct, this should be my data, but it's encrypted. Since the metadata partition was wiped, I now have no access to the keys that are used to decrypt this data. My question is, how can I decrypt this or mount it somewhere, either on the phone or Windows/Linux? What do I do next with the files that I backup up? 3) I have also tried to flash a newer version of the ROM using **fastboot**, so that the phone will hopefully boot, but that didn't help either. Probably because the **Internal Storage** says **0mb**, I got lots of errors while trying to flash it with fastboot. Is there any way to backup my data (files, photos...)? Either by somehow fixing what I did wrong and booting into the OS or just by connecting the phone to a PC and using adb or any other method? When I boot into TWRP, the **Internal Storage** says **0mb** and the TWRP built-in **File Manager** can see some folders and files but cannot access all of them. For example, it doesn't show anything inside the data folder, which is what I care about saving. But inside TWRP > Mount, there's an option that says **Decrypt Data**. When I click on it, it asks for a **password**. What is this password, and where is it stored? It’s not the PIN used to unlock the phone, so what is it? If there’s no way to find out the current password, how can I find it when the phone is fully working and decrypted, so I have it in case I need it later? The phone is Poco F3 with Android 13 Custom ROM from Xiaomi.eu, rooted with Magisk **v27** and alioth TWRP version **3.7.0-12-POCOF3-v7.9_A13**, if that helps. I know I can flash a new ROM and boot the phone. But right now, I don't care about fixing the phone, just about my data, and I just want to save it if possible in any way? It may even be encrypted, doesn't matter, as long as I can decrypt it later and access it.

On a first-generation Pixel that is running Pie, in locksettings.db there is a field named sp-handle that contains a 64-bit value. sp is an abbreviation for "synthetic password". Under /data/system_de/0/spblob there are three files: + 0000000000000000.handle + XXXXXXXXXXXXXXXX.pwd + XXXXXXXXXXXXXXXX.secdis + XXXXXXXXXXXXXXXX.spblob XXXXXXXXXXXXXXXX is the lowercase hexadecimal representation of the aforementioned 64-bit value. (I actually have several sets of pwd/secdis/spblob (some missing the spblob or the secdis file—I cannot remember which) presumably due to my attempts to get TWRP to decrypt my Pixel.) There are also files under /data/misc/keystore/user_0 named 1000_USRSKEY_synthetic_password_XXXXXXXXXXXXXXXX and .1000_chr_USRSKEY_synthetic_password_XXXXXXXXXXXXXXXX. These "synthetic passwords" are mentioned and used in [TWRP](https://github.com/omnirom/android_bootable_recovery/blob/0bd7c590266a944f415cf05ea44c9715b4445dbb/crypto/ext4crypt/Decrypt.cpp) and [SyntheticPasswordManager.java](https://android.googlesource.com/platform/frameworks/base/+/android-8.0.0_r4/services/core/java/com/android/server/SyntheticPasswordManager.java) . They are used in decryption, but I can't tell *how* they are used in it or if they are also used in password authentication. Are they used to decrypt /data/misc/vold/user_keys/ce/0/current/encrypted_key (which I'm told is used in file-based encryption)? What are the purpose of the .pwd, .secdis, and .spblob files? Are the files gatekeeper.*.key used in deriving synthetic passwords? ### Update [This](https://www.qualcomm.com/media/documents/files/file-based-encryption.pdf) paper from Qualcomm goes into greater detail on "synthetic passwords" than the source code, but it doesn't answer the more important questions like: + What is the purpose of and what is inside of XXXXXXXXXXXXXXXX.spblob? + What is the purpose of and what is inside of XXXXXXXXXXXXXXXX.pwd? What is the purpose of and what is inside of XXXXXXXXXXXXXXXX.secdis? + Is the authentication token used in decrypting the CE key?

I am very new to Android's FBE and still learning the basics. From what I could understand, the way FBE works is that for each file to be stored on the disk, the kernel requests for a key from some secure hardware logic. The kernel then assigns this key to the file to be encrypted and is then stored on the disk. When that file is read from the disk in future, the kernel will use the same key to decrypt it.  1. Since there are multiple files that use multiple keys, who keeps track of the key used to encrypt each file? 2. Are these details stored in some secure non-volatile memory? If the device is reboot, and the keys removed from RAM, how is this information mapped again? 3. If some files are deleted on the disk, do the keys get re-used?