Clarify that the diagram explains the master key DEcryption process

author: Jakob Unterwurzacher 2016-02-06 11:10:22 +0100
committer: Jakob Unterwurzacher 2016-02-06 11:10:22 +0100
commit: 189cedf8450e7fe6597ac523e4f250c83a1a1f63 (patch)
tree: 5db120232767e6f284ea90c7157d3edb78a1810f /docs
parent: 0b1642019eab56a004c9b0d77a314f6059d81611 (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/docs/security.md b/docs/security.md
index 49bfa8a..b368119 100644
--- a/docs/security.md
+++ b/docs/security.md
@@ -10,9 +10,11 @@ Master Key Storage
 
 The master key is used to perform content and file name encryption.
 It is stored in `gocryptfs.conf`, encrypted with AES-256-GCM using the
-Key Encryption Key (KEK).
+Key Encryption Key (KEK). The KEK is generated from the user password
+using `scrypt`.
 
-The KEK is generated from the user password using `scrypt`.
+When mounting a filesystem, the user is prompted for the password and
+the master key is decrypted:
 
 ![](img/master-key.svg)
author	Jakob Unterwurzacher	2016-02-06 11:10:22 +0100
committer	Jakob Unterwurzacher	2016-02-06 11:10:22 +0100
commit	189cedf8450e7fe6597ac523e4f250c83a1a1f63 (patch)
tree	5db120232767e6f284ea90c7157d3edb78a1810f /docs
parent	0b1642019eab56a004c9b0d77a314f6059d81611 (diff)