diff --git a/Paste-Encryption.md b/Paste-Encryption.md
new file mode 100644
index 0000000..8797036
--- /dev/null
+++ b/Paste-Encryption.md
@@ -0,0 +1,51 @@
+# Paste Encryption
+
+## Data passed in
+The following data is what we pass in
+
+    paste_password: UTF-8 string
+    paste_data: UTF-8 text
+
+## Process data
+If paste_password is not set:
+
+    paste_passphrase = base64(random(32))
+
+if a paste_password has been specified:
+
+    paste_passphrase = base64(random(32)) + hex(sha256(paste_password))
+
+Processing of the paste_data:
+
+    paste_blob = base64(zlib.compress(paste_data))
+
+The paste_blob is passed base64 encoded to the AES function.
+
+## Key generation for encryption (PBKDF2)
+
+    kdf_salt = random(7) - 7 bytes   **<<< does this need to be base64 encoded?**
+    kdf_iterations = 1000
+    kdf_keysize = 256 # bits of resulting kdf_key
+
+    kdf_key = PBKDF2HMAC(SHA256, kdf_keysize, kdf_salt, paste_password)
+
+**Does the kdf_key need to be base64 encoded to pass it into AES?**
+
+# Encryption
+
+    cipher_iv = random(16) # 128 bit **<<<< does this need to be base64 encoded passing it into the AES function?**
+    cipher_strength = 128
+    cipher_associated_data = ""
+
+    cipher_text = Cipher(AES(kdf_key), GCM(iv, cipher_associated_data), paste_blob)
+
+    cipher_data = {"iv": cipher_iv,
+                   "v": 1,
+                   "iter": kdf_iterations,
+                   "ks": kdf_keysize,
+                   "ts": cipher_strength,
+                   "mode": cipher_mode,
+                   "adata": cipher_associated_data,
+                   "cipher": cipher_algo,
+                   "salt": kdf_salt,
+                   "ct": cipher_text}
\ No newline at end of file