1  # Doge Key Manager
 2  
 3  The DKM holds your encrypted master key and generates (derives) private-public
 4  keypairs for pups and other parts of the DogeBox ecosystem.
 5  
 6  ## Key Store
 7  
 8  Keys are encrypted at rest with the DogeBox password and stored on disk.
 9  
10  Passwords are first hashed using Argon2 memory-hard KDF (Argon2id variant)
11  with parameters time=3, memory=64M, threads=4 and the BLAKE2b hash function
12  as recommended in RFC 9106.
13  
14  The password-derived hash is then used to encrypt the master key with
15  ChaCha20 cypher and Poly1305 Authenticated Encryption (AE) scheme.
16  
17  Keys in DKM are only in memory while they are actively being used for
18  Authentication or key derivation.
19