*A - Compression: TAR archive; Chosen algorithm (*H) or "store only"; 256 bits BLAKE3 integrity check for each file within archive;
*B - Encryption: Chosen algorithm in CTR mode;
*C - Random data block: Random characters ("a-z" and "0-9" only); Quick password verification;
*D - MAC: BLAKE3 in authentication mode; 256 bits; Encrypt-then-Authenticate;
*E - Salt: Size defined in *K;
*F - Version: Format version = 5;
*G - Encrypted Config: XORed with 1B key generated for this purpose;
*H - Compression Algorithm Codes:
*J - Custom KDF parameters: related to Argon2id; lower 4 bits for t parameter multiplier; higher 4 bits for m; t = tbase * 2^multiplier;
*K - Salt size: Multiplier, where for size in bits applies: size = 64 * 2^multiplier; current default 256 bits;
Asymmetric Encryption
Instead of a password, public/private keys are used (probably CRYSTALS-Kyber, ...) - the format differs in this case as follows:
1) *E - Symmetric Cipher Key Material: Encrypted by the asymmetric cipher;
2) *J - not used, mimicking the same setting as symmetric (obfuscation of the encryption method used - pure symmetric / asymmetric);
3) *K - not used, same as for *J;
Key Derivation Function
• STEP 1: HKDF(password)
(Skein-1024 based HKDF; Stored in device's RAM during session; 2048 bits;)
• STEP 2: Argon2id(STEP 1, salt)
(New run (new salt) for every single encryption operation; 2048 bits;)
• STEP 3: 4 x HKDF(STEP 2)
(SHA3-512 based HKDF; For encryption key, authentication key (256 bits), nonce, config XOR key;)
Notes:
• For cascaded algorithms, a longer key and nonce are generated in step 3 and then split to get a unique key and nonce for each algorithm.
• In the case of asymmetric encryption, step 2 is omitted; however, new key material (password) is generated for every single encryption operation.
• Characters that are not from ASCII range 32-126 are converted to Unicode code point numbers (for example: password "contraseña" equals "contrase241a").
Argon2id Base Parameters:
t = 10
m = 10240 kB
h = 4
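The following Python code is an added example, not code from the application: it decodes the *J and *K fields with the base parameters above and applies the password character rule from the notes. It assumes m scales the same way as t (m = mbase * 2^multiplier); the MAX_* limits are a hypothetical local policy, added because the salt and Argon2id parameters feed step 2 and so are read before the authentication key from step 3 exists.

```python
T_BASE = 10        # Argon2id base t (from the page)
M_BASE_KB = 10240  # Argon2id base m in kB (from the page)
H = 4              # Argon2id h (from the page)

# Hypothetical local limits (assumption, not part of the format): reject
# headers that request more work than this before Argon2id is called.
MAX_T = T_BASE * 2**4
MAX_M_KB = M_BASE_KB * 2**7
MAX_SALT_MULT = 4  # 64 * 2^4 = 1024 bits


def normalize_password(password: str) -> str:
    """Keep ASCII 32-126; write any other character as its decimal code point."""
    return "".join(c if 32 <= ord(c) <= 126 else str(ord(c)) for c in password)


def decode_kdf_byte(j: int) -> dict:
    """Decode *J: low nibble is the t multiplier, high nibble the m multiplier."""
    if not 0 <= j <= 0xFF:
        raise ValueError("*J must fit in one byte")
    t = T_BASE * 2 ** (j & 0x0F)
    # Assumption: m scales like t, i.e. m = mbase * 2^multiplier.
    m_kb = M_BASE_KB * 2 ** (j >> 4)
    if t > MAX_T or m_kb > MAX_M_KB:
        raise ValueError(f"KDF cost above local limit: t={t}, m={m_kb} kB")
    return {"t": t, "m_kb": m_kb, "h": H}


def salt_size_bits(k: int) -> int:
    """Decode *K: salt size in bits = 64 * 2^multiplier."""
    if not 0 <= k <= MAX_SALT_MULT:
        raise ValueError(f"*K multiplier {k} is outside the local limit")
    return 64 * 2 ** k


if __name__ == "__main__":
    # Constructed sample values, not taken from a real file.
    print(normalize_password("contraseña"))
    print(decode_kdf_byte(0x21))
    print(salt_size_bits(2))
```

The character rule is not one-to-one: the passwords "contraseña" and "contrase241a" normalize to the same string, which is what the note's own example states.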