S.S.E. Password Vault - Format Specifications
(format version 4)

Password Vault Format

*A - Compression: XZ format (LZMA2 compression);
*B - Encryption: Chosen algorithm in EAX mode; Tag size - chosen block cipher block size or 256 bits max;
*C - Algorithm Codes (encrypted config byte):
• 0 = AES (256 bit)
• 1 = RC6 (256 bit)
• 2 = Serpent (256 bit)
• 4 = Twofish (256 bit)
• 6 = Blowfish (448 bit)
• 7 = Threefish (1024 bit) : (for PRO version)
• 8 = SHACAL-2 (512 bit) : (for PRO version)
• 9 = Paranoia C4 (2048 bit) : (for PRO version - cascade of Threefish–Serpent–AES–SHACAL2)
     - XORed with a 1-byte key generated for this purpose;
*D - Custom KDF parameters: related to Argon2id; lower 4 bits for t parameter multiplier; higher 4 bits for m; t = tbase * 2^multiplier;
*E - Salt size: Multiplier, where for size in bits applies: size = 64 * 2^multiplier; current default 256 bits;
*F - Salt
*G - Hash: SHA-3 (256 bits) hash of the "DB Format" section; Used only for import purposes;

Notes:
• For cascaded algorithms - the last layer is processed in EAX mode, the others in CTR.

Key Derivation Function

• STEP 1: HKDF(password)
(Skein-1024 based HKDF; Stored in device's RAM during session; 2048 bits;)
• STEP 2: Argon2id(STEP 1, salt)
(New run (new salt) for every single encryption operation; 2048 bits;)
• STEP 3: 3 x HKDF(STEP 2)
(SHA3-512 based HKDF; For encryption key, nonce, config XOR key;)

Notes:
• For cascaded algorithms, a longer key and nonce are generated in step 3; these are then split to get a unique key and nonce for each algorithm.
• Characters that are not from ASCII range 32-126 are converted to Unicode code point numbers (for example: password "contraseña" equals "contrase241a").

Argon2id Base Parameters:
t = 10
m = 10240 kB
h = 4

S.S.E. 2.0+ Argon2id Parameters Modifiers:
t: 0000b ⇒ t = 10 * 2^0 = 10
m: 0001b ⇒ m = 10240 * 2^1 = 20480 kB
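
The parameter fields *D and *E and the password conversion note above, worked through as an added example (not code from S.S.E. or Paranoia Works). Function names and the optional memory cap are assumptions; the password conversion iterates over Unicode code points, which the spec's example does not disambiguate for characters outside the Basic Multilingual Plane.

```python
# Added example: field layout and formulas follow the spec text above;
# function names and the memory cap are assumptions, not part of S.S.E.
ARGON2_T_BASE = 10        # base t from the spec
ARGON2_M_BASE_KB = 10240  # base m from the spec, in kB
ARGON2_H = 4              # h from the spec


def decode_kdf_byte(b, max_m_kb=None):
    """Split the *D byte: low nibble scales t, high nibble scales m."""
    if not 0 <= b <= 0xFF:
        raise ValueError("KDF parameter field is a single byte")
    t = ARGON2_T_BASE << (b & 0x0F)        # t = tbase * 2^multiplier
    m_kb = ARGON2_M_BASE_KB << (b >> 4)    # same scaling applied to m
    # The byte is read from the vault file, so a reader may refuse values
    # that would demand more memory than it is willing to commit.
    if max_m_kb is not None and m_kb > max_m_kb:
        raise ValueError(f"m = {m_kb} kB exceeds local limit {max_m_kb} kB")
    return {"t": t, "m_kb": m_kb, "h": ARGON2_H}


def salt_size_bits(multiplier):
    """*E: size in bits = 64 * 2^multiplier."""
    if multiplier < 0:
        raise ValueError("negative multiplier")
    return 64 << multiplier


def normalize_password(password):
    """Replace each character outside ASCII 32-126 with its decimal code point."""
    return "".join(c if 32 <= ord(c) <= 126 else str(ord(c)) for c in password)


if __name__ == "__main__":
    print(decode_kdf_byte(0x10))             # S.S.E. 2.0+ modifiers: t=0000b, m=0001b
    print(salt_size_bits(2))                 # current default salt size
    print(normalize_password("contraseña"))  # the spec's own example
```

Because the conversion is not reversible, "contraseña" and "contrase241a" reach STEP 1 as the same string, as the spec's example states.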


S.S.E. Password Vault - XML File Format

Basic Structure:
<Vault>
   <Folder>
      <Name>Password Folder 1 Title</Name>
      <Comment>Password Folder 1 Comment</Comment>
      <Position>1</Position>
      <IconCode>-256</IconCode>
      <Items>
         <Item>
            <Name>Password Item 1 Title</Name>
            <Password>PASSWORD 1</Password>
            <Comment>Password Item 1 Notes</Comment>
            <Modified>2014-07-14T10:32:32</Modified>
            <IconCode>-256</IconCode>
         </Item>
         <ExtendedItem>
            <Name>Extended Item</Name>
            <Account>Paranoia Works</Account>
            <Password>password</Password>
            <URL>https://paranoiaworks.mobi</URL>
            <Comment>Note</Comment>
            <Modified>2020-01-08T06:05:44</Modified>
            <IconCode>-5635841</IconCode>
            <CustomElements>
                <Element>
                    <Name>Element Title A</Name>
                    <Value>Element Value</Value>
                </Element>
                <Element>
                    <Name>Element Title B</Name>
                    <Value>Element Value</Value>
                </Element>
            </CustomElements>
         </ExtendedItem>
         <KemItem>
            <Name>KEM Item</Name>
            <Algorithm>CRYSTALS-Kyber-1024</Algorithm>
            <PrivateKey>KJi72KW2rc…</PrivateKey>
            <PublicKey>LzjwzRY3Uox…</PublicKey>
            <Secret>kfZbxgK5SB…</Secret>
            <SecretEncapsulated>FclABwCzqb…</SecretEncapsulated>
            <SecretExtracted>kfZbxgK5SB…</SecretExtracted>
            <Comment>Note</Comment>
            <Modified>2023-02-12T14:21:11</Modified>
            <IconCode>-65794</IconCode>
         </KemItem>
      </Items>
   </Folder>
</Vault>
	

Notes:

Implementations

