Skip to content
Aug 5, 2019
release: 📦 breaking API by removing GCM encryption mode
this major version 1.0.0 implements the Encrypt-then-MAC approach:
- the IV is randomly generated
- the encryption key is derived from master key by scrypt KDF
- the MAC key is derived from master key by scrypt as well
- the master key is randomly generated
- the message is Base64-encoded then null-padded
- the AEAD header/metadata is the hashed process fingerprint
- the opening is only made of the master key
- the decryption process also runs the scrypt KDF steps
- the commitment is made of the header, IV, cipher and MAC tag
- the MAC function is Blake2B under keyed mode
- the underlying encryption is AES CBC (256-bits key, 128-bits IV)
Jun 3, 2019
release: initial package/library release ft. CLI-interface
You can’t perform that action at this time.