v0.18.0

• Changed the numbering of input options:

+———————————————————————————+——————————————————————————+
| [00] Select an option     | [00] Select an action    |
+———————————————————————————+——————————————————————————+
| [10] Use custom settings? |                          |
| [11] Time cost            | [1x] Set custom settings |
| [12] Max padding size     |                          |
| [13] Set fake MAC tag?    |                          |
+———————————————————————————+——————————————————————————+
| [21] Input file path      |                          |
| [22] Comments             | [2x] Enter data,         |
| [23] Output file path     |      data location,      |
| [24] Output file size     |      data size           |
| [25] Start position       |                          |
| [26] End position         |                          |
+———————————————————————————+——————————————————————————+
| [31] Keyfile path         | [3x] Specify input       |
| [32] Passphrase           |      keying material     |
+———————————————————————————+——————————————————————————+
| [40] Proceed?             | [40] Confirm to continue |
+———————————————————————————+——————————————————————————+

• New limitations set to:
  • 2^64 B for output file size (in action 8).
  • 2^64-1 B for cryptoblob size.
  • 10^20 for maximum padding percentage.
  • 2048 B for normalized passphrase size.
• Replaced flat layout with src layout.
• Replaced pycryptodome's ChaCha20 implementation with cryptography's ChaCha20 implementation for better performance.
• Added dependency: cryptography.
• Removed dependency: pycryptodomex.
• Removed -d option.
• Renamed input option: Argon2 time cost renamed to Time cost.
• Replaced os.urandom() with secrets.token_bytes(), and hmac.compare_digests() with secrets.compare_digest().
• Fixed a bug in processing comments.
• Significantly improved debug messages.
• Sanitized logged strings, especially file paths.
• Italic formatting has been removed from log messages.
• Added new warnings.
• Added FAQ.md.
• Performed code refactoring.

BREAKING:

• New way to split Argon2 tag:

+————————————————+———————————————+————————————————+
|                | pad_key_t:16  | Secret values  |
|                +———————————————+ that define    |
|                | pad_key_hf:16 | padding sizes  |
| argon2_tag:128 +———————————————+————————————————+
|                | enc_key:32    | Encryption key |
|                +———————————————+————————————————+
|                | mac_key:64    | MAC key        |
+————————————————+———————————————+————————————————+

• New cryptoblob scheme:

+————————————————————————————————————————+—————————+
| Salt for key stretching (Argon2): 16 B |         |
+————————————————————————————————————————+ Random  |
| Randomized padding: 0-20% of the       | data    |
| unpadded cryptoblob size by default    |         |
+————————————————————————————————————————+—————————+
| Ciphertext (ChaCha20): 512+ B,         |         |
| consists of:                           |         |
| - Encrypted padded/truncated           | Random- |
|   comments, always 512 B               | looking |
| - Encrypted payload file               | data    |
|   contents, 0+ B                       |         |
+————————————————————————————————————————+         |
| Optional MAC tag (BLAKE2/random): 64 B |         |
+————————————————————————————————————————+—————————+
| Randomized padding: 0-20% of the       |         |
| unpadded cryptoblob size by default    | Random  |
+————————————————————————————————————————+ data    |
| Salt for prehashing (BLAKE2): 16 B     |         |
+————————————————————————————————————————+—————————+

• New salt handling:
  • Argon2 salt set to the beginning of the cryptoblob.
  • BLAKE2 salt set to the end of the cryptoblob.
• Updated padding scheme: calculate total padding size based on the unpadded size (ciphertext size + MAC tag size + salts size) instead of the ciphertext size.
• MAC message extended with sizes: added sizes of header padding, footer padding, and total padded size (cryptoblob size).
• Implemented Unicode Normalization Form C (NFC) (as requied by RFC 8265) for passphrases.

v0.17.0

• Performed code refactoring.
• Added log_d(), log_i(), log_w(), log_e(); used them instead of raw print().
• Improved log and prompt messages.
• Replaced hashlib.blake2b with nacl.hashlib.blake2b.
• Added docstrings and comments.
• Improved error handling; handled nonce counter overflow and EOFError for every input().
• Changed the numbering of input options.
• Added limitations for input options set to: 1023 for passphrase size, 2^60 for output file size (in action 8), and 10^18 for maximum padding percentage.
• Applied strip() for integer and boolean input options.
• Improved type hinting using the features of Python 3.9; the minimum required version of Python has been updated to 3.9.
• Added pyproject.toml.
• Removed setup.py.

v0.16.0

• Improve keyfile handling: all keyfiles from the specified directory are not accepted if there is no access to at least one subdirectory.
• Update UI.
• Update docs.
• Improve debug.

v0.15.1

• Prevent an attempt to remove a non-existent output path.

v0.15.0

• Add "offer to remove the output file path" feature.
• Update docs.

v0.14.0

• Update UI.
• Update docs.
• Minor refactoring.

v0.13.0

• Update docs.
• Update UI.
• Improve debug.
• Add deb/DEBIAN/control and update Makefile to build and install the package.

v0.12.0

• Update the user interface.
• Update docs.

v0.11.0

• Update the user interface.
• Update docs.

v0.10.0

• Add a tutorial.
• Extend debugging messages.
• Update the user interface.