S.S.E. File Encryptor - Format Specifications
(format version 5 - draft)

File Encryption Format

*A - Compression: TAR archive; Chosen algorithm (*H) or "store only"; 256 bits BLAKE3 integrity check for each file within archive;
*B - Encryption: Chosen algorithm in CTR mode;
*C - Random data block: Random characters ("a-z" and "0-9" only); Quick password verification;
*D - MAC: BLAKE3 in authentication mode; 256 bits; Encrypt-then-Authenticate;
*E - Salt: Size defined in *K;
*F - Version: Format version = 5;
*G - Encrypted Config: XORed with 1B key generated for this purpose;
*H - Compression Algorithm Codes:
• 0 = No Compression
• 1 = DEFLATE
• 2 = Kanzi (level 1-9)
*I - Encryption Algorithm Codes:
• 0 = AES (256 bit)
• 1 = RC6 (256 bit)
• 2 = Serpent (256 bit)
• 4 = Twofish (256 bit)
• 6 = Blowfish (448 bit)
• 7 = Threefish (1024 bit) : (for PRO version)
• 8 = SHACAL-2 (512 bit) : (for PRO version)
• 9 = Paranoia C4 (2048 bit) : (for PRO version - cascade of Threefish–Serpent–AES–SHACAL2)
*J - Custom KDF parameters: related to Argon2id; lower 4 bits for t parameter multiplier; higher 4 bits for m; t = tbase * 2^multiplier;
*K - Salt size: Multiplier, where for size in bits applies: size = 64 * 2^multiplier; current default 256 bits;

Asymmetric Encryption

Instead of a password, public/private keys are used (probably CRYSTALS-Kyber, ...) - the format differs in this case as follows:
1) *E - Symmetric Cipher Key Material: Encrypted by the asymmetric cipher;
2) *J - not used, mimicking the same setting as symmetric (obfuscation of the encryption method used - pure symmetric / asymmetric);
3) *K - not used, —||—;

Key Derivation Function

• STEP 1: HKDF(password)
(Skein-1024 based HKDF; Stored in device's RAM during session; 2048 bits;)
• STEP 2: Argon2id(STEP 1, salt)
(New run (new salt) for every single encryption operation; 2048 bits;)
• STEP 3: 4 x HKDF(STEP 2)
(SHA3-512 based HKDF; For encryption key, authentication key (256 bits), nonce, config XOR key;)

Notes:
• For cascaded algorithms, a longer key and nonce is generated in step 3, which are then split to get unique key and nonce for each algorithm.
• In the case of asymmetric encryption, step 2 is omitted - however a new key material (password) will be generated for every single encryption operation.
• Characters that are not from ASCII range 32-126 are converted to unicode code point numbers (for example: password "contraseña" equals "contrase241a").

Argon2id Base Parameters:
t = 10
m = 10240 kB
h = 4

S.S.E. 1.8.0+ Argon2id Parameters Modifiers:
t: 0001b ⇒ t = 10 * 2^1 = 20
m: 0001b ⇒ m = 10240 * 2^1 = 20480 kB

Implementations


<< Other Specifications