sigtool/internal/pb/hdr.proto

syntax="proto3";


option go_package = "internal/pb";


/*
 * Every encrypted file starts with a header describing the
 * Block Size, Salt, Recipient keys etc. Header represents a
 * decoded version of this information. It is encoded in
 * protobuf format before writing to disk.
 */
message header {
    uint32 chunk_size  = 1; // encryption block size
    bytes  salt        = 2; // master salt (nonces are derived from this)
    bytes  pk          = 3; // ephemeral curve PK
    bytes  sender      = 4; // sender signed artifacts
    repeated wrapped_key keys  = 5; // list of wrapped receiver blocks
}

/*
 * A file encryption key is wrapped by a recipient specific public
 * key. WrappedKey describes such a wrapped key.
 */
message wrapped_key {
    bytes d_key = 1;    // encrypted data key
    bytes nonce = 2;    // nonce used for encryption
}
First working version of encrypt/decrypt * use protobuf for encryption-header * use fixed size file-header (42 bytes) before the encryption-header * add encryption/decryption contexts * teach MakePrivateKey() to fixup its internal public key bits 2019-10-17 14:29:01 -07:00			`syntax="proto3";`


Updated to vtproto inlieu of gogo-slick; verified that protobuf enc/dec are same across both. * updated 'build' to use new vtproto toolchain; * updated go.mod to use vtproto 2023-11-23 21:06:30 -08:00			`option go_package = "internal/pb";`
First working version of encrypt/decrypt * use protobuf for encryption-header * use fixed size file-header (42 bytes) before the encryption-header * add encryption/decryption contexts * teach MakePrivateKey() to fixup its internal public key bits 2019-10-17 14:29:01 -07:00

Added docstring to protobuf file 2020-02-15 11:15:38 -08:00			`/*`
			`* Every encrypted file starts with a header describing the`
			`* Block Size, Salt, Recipient keys etc. Header represents a`
			`* decoded version of this information. It is encoded in`
			`* protobuf format before writing to disk.`
			`*/`
First working version of encrypt/decrypt * use protobuf for encryption-header * use fixed size file-header (42 bytes) before the encryption-header * add encryption/decryption contexts * teach MakePrivateKey() to fixup its internal public key bits 2019-10-17 14:29:01 -07:00			`message header {`
Add sender authenticated message integrity; fixup KDF - use HKDF for producing keys, nonces - add running hmac of plaintext; sender-sign the hmac as trailer - use header checksum as "salt" for data encryption keys, nonces - generate explicit nonce for wrapping root keys for each recipient (previous impl had brittleness) 2022-11-13 11:53:00 -08:00			`uint32 chunk_size = 1; // encryption block size`
			`bytes salt = 2; // master salt (nonces are derived from this)`
			`bytes pk = 3; // ephemeral curve PK`
			`bytes sender = 4; // sender signed artifacts`
			`repeated wrapped_key keys = 5; // list of wrapped receiver blocks`
First working version of encrypt/decrypt * use protobuf for encryption-header * use fixed size file-header (42 bytes) before the encryption-header * add encryption/decryption contexts * teach MakePrivateKey() to fixup its internal public key bits 2019-10-17 14:29:01 -07:00			`}`

Added docstring to protobuf file 2020-02-15 11:15:38 -08:00			`/*`
			`* A file encryption key is wrapped by a recipient specific public`
			`* key. WrappedKey describes such a wrapped key.`
			`*/`
First working version of encrypt/decrypt * use protobuf for encryption-header * use fixed size file-header (42 bytes) before the encryption-header * add encryption/decryption contexts * teach MakePrivateKey() to fixup its internal public key bits 2019-10-17 14:29:01 -07:00			`message wrapped_key {`
Add sender authenticated message integrity; fixup KDF - use HKDF for producing keys, nonces - add running hmac of plaintext; sender-sign the hmac as trailer - use header checksum as "salt" for data encryption keys, nonces - generate explicit nonce for wrapping root keys for each recipient (previous impl had brittleness) 2022-11-13 11:53:00 -08:00			`bytes d_key = 1; // encrypted data key`
			`bytes nonce = 2; // nonce used for encryption`
First working version of encrypt/decrypt * use protobuf for encryption-header * use fixed size file-header (42 bytes) before the encryption-header * add encryption/decryption contexts * teach MakePrivateKey() to fixup its internal public key bits 2019-10-17 14:29:01 -07:00			`}`
Add sender authenticated message integrity; fixup KDF - use HKDF for producing keys, nonces - add running hmac of plaintext; sender-sign the hmac as trailer - use header checksum as "salt" for data encryption keys, nonces - generate explicit nonce for wrapping root keys for each recipient (previous impl had brittleness) 2022-11-13 11:53:00 -08:00