Anedroid bf9787f3fb
Version 3 - optimized key derrivation
2024-02-15 19:34:42 +01:00
LICENSE Initial commit 2024-01-23 23:24:49 +01:00
README.md Version 3 - optimized key derrivation 2024-02-15 19:34:42 +01:00
symmetric-encryption.py Version 3 - optimized key derrivation 2024-02-15 19:34:42 +01:00

README.md

Rename these scripts as you like.

To encrypt a file:

./symmetric-encryption.py < plaintext > encrypted

To decrypt a file:

./symmetric-encryption.py -d < encrypted > plaintext

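To read the passphrase from a file instead of the TTY (the file holds the passphrase itself, so restrict its permissions, e.g. `chmod 600 keyfile`):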

./symmetric-encryption.py -p keyfile ...

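Encryption model

The diagrams below show, for each format version, how the fields of the encrypted output are produced. Thick arrows (`==>`) lead into key material (shown in red), and the numbers on the arrows into `encrypted` appear to give the order in which the fields are written. The diagrams do not name the key-derivation function or the AES mode, and none of them shows an authentication tag over the data; check the script for those details before relying on the format.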

Version 3

graph LR
random((random))
passphrase[/passphrase/]
init_vector1[init vector]
key_data[key data]
master_key[<b style="color:red">master key</b>]
enc_master[AES]
key[<b style="color:red">key</b>]
AES[AES]
init_vector[init vector]
encrypted((encrypted))
unencrypted[/unencrypted/]

subgraph global
	random==>master_key
	random-->init_vector--1-->encrypted
	random-->seed--2-->encrypted
	init_vector-->AES--4-->encrypted
	master_key--key-->AES
	unencrypted--data-->AES
end

subgraph user
	random-->init_vector1--1-->key_data
	init_vector1-->enc_master
	passphrase==>key-->enc_master
	seed==>key
	enc_master--2-->key_data
	master_key--data-->enc_master
	key_data--3a-->encrypted
end

Version 2

graph LR
random((random))
encrypted((encrypted))
init_vector[init vector]
master_key[<b style="color:red">master key</b>]
unencrypted[/unencrypted/]

subgraph global
	random-->init_vector--1-->encrypted
	random==>master_key
	
	init_vector-->AES
	master_key--key-->AES
	unencrypted--data-->AES
	AES--3-->encrypted
end

subgraph user1[user]
	passphrase1[/passphrase/]
	key1[<b style="color:red">key</b>]
	AESGCM1[encrypted master key]
	nonce1[nonce]
	init_vector1[init vector]
	key1_data[key data]
	
	key1_data--2a-->encrypted

	random-->nonce1--1-->key1_data
	nonce1==>key1
	passphrase1==>key1

	random-->init_vector1--2-->key1_data
	init_vector1-->AESGCM1
	key1--key-->AESGCM1
	master_key--data-->AESGCM1--3-->key1_data
end

Version 1

graph LR
random((random))
passphrase[/passphrase/]
unencrypted[/unencrypted/]
hmac[HMAC]
init_vector[init vector]
master_key[<b style="color:red">master key</b>]
encrypted((encrypted))

random-->salt--1-->encrypted
salt-->hmac--2-->encrypted
passphrase-->hmac

passphrase==>master_key
random-->nonce==>master_key
nonce--3-->encrypted

random-->init_vector--4-->encrypted
init_vector-->AES--5-->encrypted
master_key-->AES
unencrypted-->AES