Anedroid bf9787f3fb
README.md
Rename these scripts as you like.

To encrypt a file:

```
./symmetric-encryption.py < plaintext > encrypted
```

To decrypt a file:

```
./symmetric-encryption.py -d < encrypted > plaintext
```

To read the passphrase from a file instead of the TTY:

```
./symmetric-encryption.py -p keyfile ...
```

Encryption model
Version 3
```mermaid
graph LR
    random((random))
    passphrase[/passphrase/]
    init_vector1[init vector]
    key_data[key data]
    master_key[<b style="color:red">master key</b>]
    enc_master[AES]
    key[<b style="color:red">key</b>]
    AES[AES]
    init_vector[init vector]
    encrypted((encrypted))
    unencrypted[/unencrypted/]
    subgraph global
        random==>master_key
        random-->init_vector--1-->encrypted
        random-->seed--2-->encrypted
        init_vector-->AES--4-->encrypted
        master_key--key-->AES
        unencrypted--data-->AES
    end
    subgraph user
        random-->init_vector1--1-->key_data
        init_vector1-->enc_master
        passphrase==>key-->enc_master
        seed==>key
        enc_master--2-->key_data
        master_key--data-->enc_master
        key_data--3a-->encrypted
    end
```
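
The Version 3 flow as a runnable sketch (an added example, not the code of `symmetric-encryption.py`), including a `change_passphrase` step that goes beyond the diagram to show what the separate master key allows. The README does not name the KDF, the AES mode or the field sizes, so scrypt, AES-GCM and the lengths below are assumptions, and the third-party `cryptography` package is required.

```python
# Added illustration of the Version 3 layout; not the code of symmetric-encryption.py.
# Assumed (not in the README): scrypt as KDF, AES-GCM as AES mode, the sizes below.
import hashlib
import os
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

SEED_LEN, IV_LEN, KEY_LEN, TAG_LEN = 16, 12, 32, 16
KEY_DATA_LEN = IV_LEN + KEY_LEN + TAG_LEN  # init vector + wrapped master key

def derive_key(passphrase, seed):
    """passphrase + seed ==> key (never stored)."""
    return hashlib.scrypt(passphrase, salt=seed, n=2**14, r=8, p=1, dklen=KEY_LEN)

def wrap_master_key(master_key, passphrase, seed):
    """key data = init vector (1) followed by AES(key, master key) (2)."""
    iv = os.urandom(IV_LEN)
    return iv + AESGCM(derive_key(passphrase, seed)).encrypt(iv, master_key, None)

def unwrap_master_key(key_data, passphrase, seed):
    # Raises cryptography.exceptions.InvalidTag on a wrong passphrase or tampering.
    key = derive_key(passphrase, seed)
    return AESGCM(key).decrypt(key_data[:IV_LEN], key_data[IV_LEN:], None)

def split(blob):
    """Cut a container into (init vector, seed, key data, ciphertext)."""
    a, b = IV_LEN, IV_LEN + SEED_LEN
    c = b + KEY_DATA_LEN
    if len(blob) < c + TAG_LEN:
        raise ValueError("truncated container")
    return blob[:a], blob[a:b], blob[b:c], blob[c:]

def encrypt(plaintext, passphrase):
    """Fields are written in the order of the diagram's edge labels 1, 2, 3a, 4."""
    master_key, iv, seed = (os.urandom(n) for n in (KEY_LEN, IV_LEN, SEED_LEN))
    key_data = wrap_master_key(master_key, passphrase, seed)
    return iv + seed + key_data + AESGCM(master_key).encrypt(iv, plaintext, None)

def decrypt(blob, passphrase):
    iv, seed, key_data, body = split(blob)
    master_key = unwrap_master_key(key_data, passphrase, seed)
    return AESGCM(master_key).decrypt(iv, body, None)

def change_passphrase(blob, old, new):
    """Re-wrap the master key under a new passphrase; the data ciphertext is untouched."""
    iv, seed, key_data, body = split(blob)
    master_key = unwrap_master_key(key_data, old, seed)
    new_seed = os.urandom(SEED_LEN)
    return iv + new_seed + wrap_master_key(master_key, new, new_seed) + body
```
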
Version 2
```mermaid
graph LR
    random((random))
    encrypted((encrypted))
    init_vector[init vector]
    master_key[<b style="color:red">master key</b>]
    unencrypted[/unencrypted/]
    subgraph global
        random-->init_vector--1-->encrypted
        random==>master_key
        init_vector-->AES
        master_key--key-->AES
        unencrypted--data-->AES
        AES--3-->encrypted
    end
    subgraph user1[user]
        passphrase1[/passphrase/]
        key1[<b style="color:red">key</b>]
        AESGCM1[encrypted master key]
        nonce1[nonce]
        init_vector1[init vector]
        key1_data[key data]
        key1_data--2a-->encrypted
        random-->nonce1--1-->key1_data
        nonce1==>key1
        passphrase1==>key1
        random-->init_vector1--2-->key1_data
        init_vector1-->AESGCM1
        key1--key-->AESGCM1
        master_key--data-->AESGCM1--3-->key1_data
    end
```
Version 1
```mermaid
graph LR
    random((random))
    passphrase[/passphrase/]
    unencrypted[/unencrypted/]
    hmac[HMAC]
    init_vector[init vector]
    master_key[<b style="color:red">master key</b>]
    encrypted((encrypted))
    random-->salt--1-->encrypted
    salt-->hmac--2-->encrypted
    passphrase-->hmac
    passphrase==>master_key
    random-->nonce==>master_key
    nonce--3-->encrypted
    random-->init_vector--4-->encrypted
    init_vector-->AES--5-->encrypted
    master_key-->AES
    unencrypted-->AES
```