S.S.E. File Encryptor - Format Specifications (version 3)

File Encryption Format

*A - Compression: Zip64 archive; DEFLATE or "store only"; CRC32 for each file within archive;
*B - Encryption: Chosen algorithm in CTR mode;
*C - Random data block: Random characters ("a-z" and "0-9" only); Quick password verification;
*D - MAC: Blake2b in authentication mode; 256 bits; Encrypt-then-Authenticate;
*E - Version: Format version = 3;
*F - Algorithm Codes:
• 0 = AES (256 bit)
• 1 = RC6 (256 bit)
• 2 = Serpent (256 bit) : (Bouncy Castle "Tnepres" implementation)
• 3 = Blowfish (256 bit)
• 4 = Twofish (256 bit)
• 5 = GOST28147 (256 bit)
• 6 = Blowfish (448 bit)
• 7 = Threefish (1024 bit)
• 8 = SHACAL-2 (512 bit)
*G - Custom KDF parameters: related to Argon2id; lower 4 bits for t parameter multiplier; higher 4 bits for m; t = tbase * 2^multiplier;

Key Derivation Function

• STEP 1: HKDF(password)
(Skein-1024 based HKDF; Stored in device's RAM during session; 2048 bits;)
• STEP 2: Argon2id(STEP 1, salt)
(New run (new salt) for every single encryption operation; 2048 bits;)
• STEP 3: 3 x HKDF(STEP 2)
(SHA3-512 based HKDF; For encryption key, authentication key (512 bits), and nonce;)

Argon2id Base Parameters:
t = 10
m = 10240 kB
h = 4

S.S.E. 1.8.0 Argon2id Parameters Modifiers:
t: 0001b ⇒ t = 10 * 2^1 = 20
m: 0001b ⇒ m = 10240 * 2^1 = 20480 kB

<< Other Specifications