SPEC.md

Description

This file describes the cryptography done by eddy. It can be used to recreate the program (or build a new one) to, for example, decrypt already encrypted files.

Outline

eddy uses the ChaCha20 stream cipher together with the BLAKE2b hash function in keyed mode for file authentication (MAC). The 256-bit ChaCha20 key is produced by passing a user-provided or randomly generated password (passphrase) and a random 16-byte salt to the scrypt KDF with the following parameters: n=65536, r=8, p=1, keyLen=32.

After a ChaCha20 instance is initialized with the key from the previous step and a random 12-byte nonce, a BLAKE2b key is generated by XORing a 64-byte zero block using this instance, which yields 64 bytes of raw keystream. In Go, such a block is created with make([]byte, 64).

The file MAC tag is calculated from the ciphertext, not plaintext. This is called "Encrypt-then-MAC" (EtM).

File format

An encrypted file has the following structure. There are no delimiters or flags. This provides plausible deniability: the file is generally indistinguishable from, say, a compressed file or a randomly generated one.

| nonce | scrypt salt | MAC tag | encrypted file contents |
|---|---|---|---|
| 12 bytes | 16 bytes | 64 bytes | 0~256GiB |
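
The key derivation and Encrypt-then-MAC check described above, as an added example in standard-library Python (not eddy's own code). It assumes the RFC 8439 ChaCha20 layout with the block counter starting at 0 and a MAC computed over exactly the ciphertext bytes; `chacha20_block`, `compute_tag` and `verify_file` are hypothetical names.

```python
import hashlib, hmac, struct

NONCE_LEN, SALT_LEN, TAG_LEN = 12, 16, 64  # header layout from the spec
HEADER_LEN = NONCE_LEN + SALT_LEN + TAG_LEN
M32 = 0xFFFFFFFF

def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & M32

def _quarter(s, a, b, c, d):
    s[a] = (s[a] + s[b]) & M32; s[d] = _rotl(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & M32; s[b] = _rotl(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & M32; s[d] = _rotl(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & M32; s[b] = _rotl(s[b] ^ s[c], 7)

def chacha20_block(key, counter, nonce):
    """One 64-byte keystream block, RFC 8439 layout (32-bit counter, 12-byte nonce)."""
    init = struct.unpack("<16I", b"expand 32-byte k" + key + struct.pack("<I", counter) + nonce)
    s = list(init)
    for _ in range(10):  # 10 double rounds = 20 rounds
        for a, b, c, d in ((0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15),
                           (0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14)):
            _quarter(s, a, b, c, d)
    return struct.pack("<16I", *((x + y) & M32 for x, y in zip(s, init)))

def compute_tag(passphrase, salt, nonce, ciphertext):
    # scrypt parameters from the spec; maxmem raised because n=65536, r=8 needs ~64 MiB
    enc_key = hashlib.scrypt(passphrase, salt=salt, n=65536, r=8, p=1, dklen=32,
                             maxmem=128 * 1024 * 1024)
    # XORing 64 zero bytes with a fresh instance yields keystream block 0 (assumed counter start)
    mac_key = chacha20_block(enc_key, 0, nonce)
    # Assumption: the MAC input is exactly the ciphertext bytes, as the spec's wording suggests
    return hashlib.blake2b(ciphertext, key=mac_key, digest_size=TAG_LEN).digest()

def verify_file(blob, passphrase):
    """Encrypt-then-MAC check: authenticate before any decryption is attempted."""
    if len(blob) < HEADER_LEN:
        raise ValueError("shorter than the 92-byte header")
    nonce = blob[:NONCE_LEN]
    salt = blob[NONCE_LEN:NONCE_LEN + SALT_LEN]
    tag = blob[NONCE_LEN + SALT_LEN:HEADER_LEN]
    return hmac.compare_digest(tag, compute_tag(passphrase, salt, nonce, blob[HEADER_LEN:]))
```

Because the format carries no flags, a wrong passphrase and a modified file both simply fail this check and cannot be told apart.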