Created Paste Encryption (markdown)

2017-02-17 11:36:46 +01:00 · 2017-02-17 11:36:46 +01:00 · ec451f22c6
commit ec451f22c6
parent b7434daa1a
1 changed files with 51 additions and 0 deletions
--- a/Paste-Encryption.md
+++ b/Paste-Encryption.md
@ -0,0 +1,51 @@
+# Paste Encryption
+
+## Data passed in
+The following data is what we pass in
+
+    paste_password: UTF-8 string
+    paste_data: UTF-8 text
+
+## Process data
+If paste_password is not set:
+
+    paste_passphrase = base64(random(32))
+
+if a paste_password has been specified:
+
+    paste_passphrase = base64(random(32)) + hex(sha256(paste_password))
+
+Processing of the paste_data:
+
+    paste_blob = base64(zlib.compress(paste_data))
+
+The paste_blob is passed base64 encoded to the AES function.
+
+## Key generation for encryption (PBKDF2)
+
+    kdf_salt = random(7) - 7 bytes   **<<< does this need to be base64 encoded?**
+    kdf_iterations = 1000
+    kdf_keysize = 256 # bits of resulting kdf_key
+
+    kdf_key = PBKDF2HMAC(SHA256, kdf_keysize, kdf_salt, paste_password)
+
+**Does the kdf_key need to be base64 encoded to pass it into AES?**
+
+# Encryption
+
+    cipher_iv = random(16) # 128 bit **<<<< does this need to be base64 encoded passing it into the AES function?**
+    cipher_strength = 128
+    cipher_associated_data = ""
+
+    cipher_text = Cipher(AES(kdf_key), GCM(iv, cipher_associated_data), paste_blob)
+
+    cipher_data = {"iv": cipher_iv,
+                   "v": 1,
+                   "iter": kdf_iterations,
+                   "ks": kdf_keysize,
+                   "ts": cipher_strength,
+                   "mode": cipher_mode,
+                   "adata": cipher_associated_data,
+                   "cipher": cipher_algo,
+                   "salt": kdf_salt,
+                   "ct": cipher_text}