*A - Compression: LZMA algorithm; It's used only if not disabled and if the compressed data size is smaller than the uncompressed one;
*B - Encryption: Chosen algorithm in EAX mode; Tag size - chosen blockcipher block size or 256bit max;
*C - Salt
*D - BASE64: BASE64 encoding without padding; "+" symbol is replaced by ")", "/" by "]"; "!" symbol is attached as the last character; Alternative encodings: Base32 (RFC 4648), Numbers Only (0-9);
*E - Config: 1b - custom KDF parameters flag (currently not used); 3b - major version; 2b - minor version; 2b - salt size: multiplier, where for size in bits applies: size = 64 * 2^multiplier (chosen blockcipher block size or 256bit max);
*F - Encrypted Config: XORed with 1B key generated for this purpose;
*G - Compression Algorithm Codes:
Notes:
• For cascaded algorithms - the last layer is processed in EAX mode, the others in CTR.
Key Derivation Function
• STEP 1: HKDF(password)
(SHA3-512 based HKDF; Stored in device's RAM during session; 2048 bits;)
• STEP 2: Argon2id(STEP 1, salt)
(New run (new salt) for every single encryption operation; 2048 bits;)
• STEP 3: 3 x HKDF(STEP 2)
(SHA3-512 based HKDF; For encryption key, nonce, config 1B key;)
Notes:
• For cascaded algorithms, a longer key and nonce are generated in step 3 and then split so that each algorithm gets its own unique key and nonce.
• Characters that are not from ASCII range 32-126 are converted to Unicode code point numbers (for example: password "contraseña" equals "contrase241a").
Argon2id Parameters:
t = 3
m = 30720 kB
h = 4
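The text-level rules from the legend (*D BASE64 variant, *E/*F config byte) and the password note above, as an added Python example that is not the application's own code. Assumptions: the config fields are packed MSB-first in the order the legend lists them, the 1-byte XOR key is passed in rather than derived (in the format it comes from STEP 3), and the function names and sample values are constructed for illustration.

```python
import base64

def normalize_password(pw: str) -> str:
    """Replace every character outside ASCII 32-126 with its decimal code point."""
    return "".join(c if 32 <= ord(c) <= 126 else str(ord(c)) for c in pw)

def encode_text(raw: bytes) -> str:
    """*D: unpadded BASE64, '+' -> ')', '/' -> ']', then '!' as last character."""
    b64 = base64.b64encode(raw).decode("ascii").rstrip("=")
    return b64.replace("+", ")").replace("/", "]") + "!"

def decode_text(text: str) -> bytes:
    """Inverse of encode_text; rejects input that does not match the *D shape."""
    if not text.endswith("!"):
        raise ValueError("missing '!' terminator")
    body = text[:-1]
    if "+" in body or "/" in body or "=" in body:
        raise ValueError("standard BASE64 symbols are not valid in this encoding")
    body = body.replace(")", "+").replace("]", "/")
    if len(body) % 4 == 1:
        raise ValueError("impossible unpadded BASE64 length")
    # Restore the stripped padding, then decode strictly (bad symbols raise).
    return base64.b64decode(body + "=" * (-len(body) % 4), validate=True)

def parse_config(enc_byte: int, xor_key: int) -> dict:
    """*E/*F: undo the 1-byte XOR, then split the byte into its four fields.
    Assumption: fields are packed MSB-first in the order the legend lists them."""
    b = (enc_byte ^ xor_key) & 0xFF
    salt_bits = 64 * 2 ** (b & 0b11)
    if salt_bits > 256:  # the legend gives 256 bits as the maximum
        raise ValueError("salt size above 256 bits")
    return {
        "custom_kdf": bool(b >> 7),   # 1 bit, currently not used
        "major": (b >> 4) & 0b111,    # 3 bits
        "minor": (b >> 2) & 0b11,     # 2 bits
        "salt_bits": salt_bits,       # 2-bit multiplier m -> 64 * 2^m
    }

if __name__ == "__main__":
    print(normalize_password("contraseña"))
    print(encode_text(b"\xfb\xff"))      # constructed sample bytes
    print(parse_config(0x82, 0xA7))      # constructed config byte and XOR key
```

Only the BASE64 form is handled here; the Base32 and Numbers Only alternatives are out of scope for this example.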
Steganography (F5 - JPEG)
*A - Steganography: F5 algorithm; Pseudorandom generator based on BLAKE2 hash function;
*B - Encryption: Exactly the same process and format as above - only BASE64 encoding is excluded;
*C - Steganographic Key: Pseudorandom generator seed;
• Argon2 parameters: Exactly the same process and parameters as KDF above;
• scrypt parameters: N = 2048, r = 8, p = 5;