Back to Homepage

GoBD Compliance Report

Technical documentation of implemented security and compliance features

Core Security

Cryptographic Methods

AES-256-GCM (NIST SP 800-38D)

Authenticated Encryption with Associated Data (AEAD)

  • 256-bit Key Length (Quantum-resistant symmetric security)
  • Galois/Counter Mode (GCM) ensuring confidentiality and authenticity
  • Unique 96-bit IV/Nonce per encryption operation
  • Authentication Tag validation prior to decryption (prevents Padding Oracle attacks)
  • Leverages hardware acceleration (ARMv8 Cryptography Extensions)

SHA-256 (FIPS 180-4)

Cryptographic Hash Function for Data Integrity

  • 256-bit digest size
  • Usage: HMAC generation, Key Fingerprinting, File Checksums
  • Pre-image resistance and collision resistance
  • Deterministic output compliant with FIPS PUB 180-4

HKDF-SHA256 (RFC 5869)

HMAC-based Extract-and-Expand Key Derivation Function

  • RFC 5869 compliant key derivation
  • Salt: 32-byte cryptographically secure random value
  • Context binding via application-specific info strings
  • Ensures cryptographic independence of session keys from master key material

Key Management

Secure System Storage

Protected key storage in operating system

  • Access only when device is unlocked
  • Key only available when device is unlocked
  • Local storage without cloud synchronization

Cloud Key Synchronization

Optional key synchronization for multiple devices

  • Secure synchronization via cloud service
  • Cross-device key management
  • Separate key for cloud backups

Key Fingerprint

Cryptographic hash of master key for identification

  • Unique identification without key disclosure
  • Enables key verification
  • Stored in backup metadata

Key Identifier

Enhanced key matching for automatic cloud synchronization

  • Cryptographic hash of cloud master key
  • Automatic key validation during synchronization
  • Prevents restoration with wrong key
  • Verification before each synchronization operation

Automatic Synchronization Encryption

Automatic end-to-end encryption for cloud service

  • Industry-standard encryption for all cloud data
  • Key remains in protected key storage
  • No unencrypted data stored in cloud
  • Transparent encryption and decryption

Biometric Protection

Biometric Authentication

iOS LocalAuthentication Framework integration

  • Asynchronous authentication request
  • System policy evaluation for device unlock
  • Protected actions: key export, data deletion
  • Audit trail: logging without sensitive data

Authentication Fallback

Multi-step authentication with automatic fallback

  • Primary: FaceID / TouchID
  • Secondary: Device passcode
  • Legacy support for older export methods
  • Authentication required for critical actions

Jailbreak Detection

Comprehensive Device Integrity Check

Native implementation without external dependencies

  • Check for known jailbreak URL schemes
  • File system analysis for suspicious paths (40+)
  • Check for readable system directories
  • Sandbox integrity verification
  • Symbolic link detection

Runtime Integrity Checks

Low-level system checks

  • Dynamic library analysis
  • Detects: known injection frameworks and debuggers
  • Process isolation check
  • Sandbox violation = jailbreak detected
  • Immediate response on detection

Privacy Compliance

All checks local, no data transmission

  • Simulator mode: checks disabled
  • Mac Catalyst: separate handling
  • No telemetry, no server reports
  • Result only used locally for view-only mode

Data Integrity

Data Integrity & Tamper Protection

Entry-Level Checksums

Each logbook entry receives a SHA-256 checksum

  • SHA-256 hash over: ID, vehicle, driver, date, locations, odometer, purpose
  • ISO8601 timestamps with millisecond precision (.withFractionalSeconds)
  • Pipe-separated field concatenation for deterministic calculation
  • Automatic recalculation on every change

Log-Level Checksums

Each audit log entry receives its own SHA-256 checksum

  • Calculated from: ID, entry reference, timestamp, change type, field changes
  • Base64-encoded field changes included in checksum
  • Checksum computed and stored at creation time
  • Retroactive tampering detectable

HMAC-SHA256 Signatures

Backup signatures use HMAC-SHA256 (RFC 2104) instead of simple hash

  • Constant-time comparison prevents timing attacks
  • Legacy signature fallback for backwards compatibility
  • Validation before decryption – abort on mismatch
  • XOR-based byte comparison without early-exit

Immutable Change Log

Persistent Audit Trail

Every change is stored as its own entity with checksum

  • Change types: created, modified, completed, deleted
  • Captured data: timestamp, driver, description, checksum
  • Structured field changes with before/after values
  • Automatic timestamp assignment at creation

Reference Preservation on Deletion

Link is severed, audit entry remains preserved

  • Log entries are not deleted when trip is deleted
  • Deleted trip → Audit history remains complete
  • Every deletion is captured as separate audit entry
  • Complete forensic traceability

System Events

Restore operations logged with version information

  • Backup restore is automatically logged
  • Captures: timestamp, app version, backup version
  • Automatic marking as system action
  • Resource limits for memory exhaustion prevention

Deletion Timestamp

Deleted data is marked, not physically removed

  • Deletion time captured on all main entities
  • Entries, drivers, and vehicles with archiving function
  • Historical traceability ensured

Backup Export

Deleted data is fully included in backups

  • All entities including deletion status in backup structure
  • Change log contains deletion operations
  • Restoration with original archiving status

Timestamps & Logging

Creation & Modification Timestamps

Automatic time capture for all data operations

  • Entry creation time
  • Last modification time
  • Trip start and end times

Standardized Time Format

Uniform time format for checksum calculation

  • International standard for date and time representation
  • Millisecond precision
  • Deterministic representation for hash calculation

Server & Backup

Server-Side Verification & WORM Storage

Immutable WORM Storage (Switzerland)

Physically immutable data storage in Azure Switzerland North (Zurich)

  • Write-Once-Read-Many (WORM) technology enforces immutability
  • Legal retention policies technically enforced
  • Data residency exclusively in Switzerland
  • Azure Blob Storage with Time-Based Retention Policies

Server-Side Notarization

Cryptographic signature by trusted server

  • Independent verification of client data before storage
  • HMAC-SHA256 signature with secret server key
  • Prevents retroactive manipulation even if device is compromised
  • Real-time validation of App Check tokens

App Attestation & Integrity

Ensuring app authenticity via Firebase App Check

  • Verification of binary integrity of the Xevono app
  • Blocks requests from manipulated apps or scripts
  • Protection against API abuse and fake entries
  • DeviceCheck / App Attest Integration (iOS)
Server Verification & Azure Details

Backup Format

Encrypted Container

Proprietary format with version detection and integrity checking

  • Magic bytes header for format identification
  • Structured metadata: version, timestamp, encryption type
  • Backup information: device ID, sizes, encryption mode
  • Backwards compatibility with older format versions

Backup Metadata

Structured information for each backup

  • Unique device identifier
  • Number of backed-up logbook entries
  • Size tracking: original → compressed → encrypted
  • Encryption mode indicator

Processing Chain

JSON → Compression → Encryption → Checksum

  • 1. Serialization of logbook data
  • 2. zlib compression
  • 3. AES-256-GCM encryption with session key
  • 4. SHA-256 checksum over encrypted data
  • 5. Container packaging with header

Export & Compliance

GDPdU/GoBD Export

CSV Files

Four separate files for IDEA audit software

  • fahrten.csv: All logbook entries with checksum
  • fahrzeuge.csv: Vehicle master data incl. VIN
  • fahrer.csv: Driver master data with address
  • aenderungsprotokoll.csv: Complete audit trail

index.xml (GDPdU DTD)

Metadata description per gdpdu-01-08-2002.dtd

  • DOCTYPE DataSet SYSTEM 'gdpdu-01-08-2002.dtd'
  • Semicolon (;) as field delimiter
  • Date format: yyyy-MM-dd, DateTime: yyyy-MM-dd HH:mm:ss
  • NSFileCoordinator for atomic ZIP creation
  • DataSupplier: Valeford UG (haftungsbeschränkt)

Gap Detection

Intelligent Gap Detection

Automatic detection of odometer discrepancies

  • Comparison: Expected vs. actual odometer reading
  • Detection at trip start and end
  • User prompt for gap documentation
  • Automatic generation of correction entries

Compliance Conformity

Gapless logbook management per legal requirements

  • Odometer validation for each trip
  • Change log for retroactive corrections
  • Automatic marking of subsequent entries
  • Time period bridging for gap trips

Overview

Technical Overview

ComponentMethodSecurity LevelTechnology
EncryptionGalois/Counter Mode256 bitsCryptoKit (Apple)
Key DerivationHash-based (HKDF)256 bitsCryptoKit (Apple)
Checksum FunctionSHA-256 Hash256 bitsCryptoKit (Apple)
Compressionzlib (DEFLATE)-zlib Library
Key StorageSecure Enclave / Keychain-iOS / iPadOS

References & Standards

NIST SP 800-38D
National Institute of Standards and Technology
FIPS 180-4
National Institute of Standards and Technology
RFC 5869
Internet Engineering Task Force
RFC 2104
Internet Engineering Task Force
SEC 17a-4(f)
Microsoft Learn
Azure Immutable Storage
Microsoft Learn
ISO 8601
Wikipedia
GDPdU / GoBD
Bundesfinanzministerium
iOS Keychain
Apple Security
CryptoKit
Apple Developer
Firebase App Check
Google Firebase
zlib
Wikipedia

Documentation based on Xevono App Version 1.3 (January 2026)

Backup Format Version 2.0 (XVN)