FP3 Encryption - How does it work?

Hi everybody,
questions about the safety of the device that came up after reading this:
https://forum.fairphone.com/t/fairphone-3-unlocking-without-oem-unlocking/57683
I have installed /e/ on my FP3, version e-0.9-p-2020042851613-dev-FP3. The system is encrypted by default. I set a PIN the first time I started, and now I have replaced this PIN with a screen lock password for more security.
I would like to know if the encryption (or generation of the cryptographic key, I am not sure…) of my device was based on the PIN I entered the first time it was started and if my device will remain encrypted forever with the PIN entered the first time it was started, or if the PIN > unlock password change creates a new cryptographic key.
I would be very happy to read a few links on these topics to help me better understand how device encryption works and how to act for maximum security.
I’m a beginner and maybe I don’t use the correct terms. I apologize.
Thank you!

Hi :slight_smile:

The encryption key was created before you set a PIN code because your phone has encryption by default (even if you set no PIN/password). This key is stored in a secure component of the phone.

When you set the PIN, the encryption/decryption key was encrypted with the PIN code. So to decrypt the phone, you need to enter your PIN code.

When you replaced the PIN with a password, the encryption key was decrypted with the PIN code and encrypted again with your password.

That’s why you don’t need to go through a full encryption process each time you change the PIN/password. The encryption key is always the same, until you format the phone.

5 Likes
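
The key-wrapping idea described in the answer above, as an added example that is not part of the original post and is not Android's or /e/'s code: a random data key is created once, and only its wrapped copy changes when the PIN is replaced by a password. The HMAC-based wrap is a standard-library stand-in for the authenticated cipher a real implementation would use, the secure hardware component is not modelled, and all function names and the sample PIN/password are constructed.

```python
import hashlib
import hmac
import secrets

def _keys(credential: str, salt: bytes):
    # Stretch the PIN/password into a key-encryption key (KEK), split into
    # an encryption half and an integrity half.
    kek = hashlib.pbkdf2_hmac("sha256", credential.encode(), salt, 100_000, dklen=64)
    return kek[:32], kek[32:]

def wrap(dek: bytes, credential: str) -> bytes:
    """Encrypt the 32-byte data key under a KEK derived from the credential."""
    if len(dek) != 32:
        raise ValueError("data key must be 32 bytes")
    salt = secrets.token_bytes(16)  # fresh salt, so every wrap uses a new pad
    enc_key, mac_key = _keys(credential, salt)
    pad = hmac.new(enc_key, b"wrap" + salt, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(dek, pad))
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return salt + ct + tag

def unwrap(blob: bytes, credential: str) -> bytes:
    """Recover the data key, or raise if the credential is wrong."""
    salt, ct, tag = blob[:16], blob[16:48], blob[48:]
    enc_key, mac_key = _keys(credential, salt)
    expected = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong credential or corrupted blob")
    pad = hmac.new(enc_key, b"wrap" + salt, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, pad))

def change_credential(blob: bytes, old: str, new: str) -> bytes:
    # Only the small wrapped blob is rewritten; data encrypted under the
    # data key is never touched.
    return wrap(unwrap(blob, old), new)

def demo():
    dek = secrets.token_bytes(32)  # created once, before any PIN exists
    blob_pin = wrap(dek, "1234")   # constructed sample PIN
    blob_pw = change_credential(blob_pin, "1234", "correct horse battery")
    same_key = unwrap(blob_pw, "correct horse battery") == dek
    try:
        unwrap(blob_pw, "1234")
        old_pin_works = True
    except ValueError:
        old_pin_works = False
    return same_key, old_pin_works, blob_pin != blob_pw

if __name__ == "__main__":
    print(demo())
```
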

Hi Anonyme :slightly_smiling_face:
Thank you for your clear explanation. It seems more secure to me to use a password rather than a PIN because the type of characters that make it up is wider.

1 Like