- Changed the numbering of input options:
```
+---------------------------+--------------------------+
| [00] Select an option     | [00] Select an action    |
+---------------------------+--------------------------+
| [10] Use custom settings? |                          |
| [11] Time cost            | [1x] Set custom settings |
| [12] Max padding size     |                          |
| [13] Set fake MAC tag?    |                          |
+---------------------------+--------------------------+
| [21] Input file path      |                          |
| [22] Comments             | [2x] Enter data,         |
| [23] Output file path     |      data location,      |
| [24] Output file size     |      data size           |
| [25] Start position       |                          |
| [26] End position         |                          |
+---------------------------+--------------------------+
| [31] Keyfile path         | [3x] Specify input       |
| [32] Passphrase           |      keying material     |
+---------------------------+--------------------------+
| [40] Proceed?             | [40] Confirm to continue |
+---------------------------+--------------------------+
```
- New limitations set to:
  - 2^64 B for output file size (in action 8).
  - 2^64-1 B for cryptoblob size.
  - 10^20 for maximum padding percentage.
  - 2048 B for normalized passphrase size.
- Replaced flat layout with src layout.
- Replaced `pycryptodome`'s `ChaCha20` implementation with `cryptography`'s `ChaCha20` implementation for better performance.
- Added dependency: `cryptography`.
- Removed dependency: `pycryptodomex`.
- Removed `-d` option.
- Renamed input option: `Argon2 time cost` renamed to `Time cost`.
- Replaced `os.urandom()` with `secrets.token_bytes()`, and `hmac.compare_digest()` with `secrets.compare_digest()`.
- Fixed a bug in processing comments.
- Significantly improved debug messages.
- Sanitized logged strings, especially file paths.
- Italic formatting has been removed from log messages.
- Added new warnings.
- Added FAQ.md.
- Performed code refactoring.
BREAKING:
- New way to split Argon2 tag:
```
+----------------+---------------+----------------+
|                | pad_key_t:16  | Secret values  |
|                +---------------+ that define    |
|                | pad_key_hf:16 | padding sizes  |
| argon2_tag:128 +---------------+----------------+
|                | enc_key:32    | Encryption key |
|                +---------------+----------------+
|                | mac_key:64    | MAC key        |
+----------------+---------------+----------------+
```
- New cryptoblob scheme:
```
+----------------------------------------+---------+
| Salt for key stretching (Argon2): 16 B |         |
+----------------------------------------+ Random  |
| Randomized padding: 0-20% of the       | data    |
| unpadded cryptoblob size by default    |         |
+----------------------------------------+---------+
| Ciphertext (ChaCha20): 512+ B,         |         |
| consists of:                           |         |
| - Encrypted padded/truncated           | Random- |
|   comments, always 512 B               | looking |
| - Encrypted payload file               | data    |
|   contents, 0+ B                       |         |
+----------------------------------------+         |
| Optional MAC tag (BLAKE2/random): 64 B |         |
+----------------------------------------+---------+
| Randomized padding: 0-20% of the       |         |
| unpadded cryptoblob size by default    | Random  |
+----------------------------------------+ data    |
| Salt for prehashing (BLAKE2): 16 B     |         |
+----------------------------------------+---------+
```
- New salt handling:
  - Argon2 salt set to the beginning of the cryptoblob.
  - BLAKE2 salt set to the end of the cryptoblob.
- Updated padding scheme: calculate total padding size based on the unpadded size (`ciphertext size` + `MAC tag size` + `salts size`) instead of the `ciphertext size`.
- MAC message extended with sizes: added sizes of header padding, footer padding, and total padded size (cryptoblob size).
- Implemented Unicode Normalization Form C (NFC) (as required by RFC 8265) for passphrases.
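
The new tag split, cryptoblob scheme and unpadded-size formula listed above can be expressed as a small offset calculator. This is an added sketch, not the project's own code: the function names are hypothetical, the key order inside the tag is assumed to follow the table top to bottom, the 64 B MAC tag field is assumed to be always present, and the header and footer padding sizes are taken as inputs because these notes do not say how they are derived from `pad_key_t` and `pad_key_hf`.

```python
"""Added illustration of the cryptoblob layout and Argon2 tag split."""
from typing import NamedTuple

SALT = 16             # Argon2 salt (front) and BLAKE2 salt (back), bytes each
COMMENTS = 512        # encrypted comments, always 512 B
MAC_TAG = 64          # MAC tag field; assumed always present (assumption)
MAX_BLOB = 2**64 - 1  # cryptoblob size limit stated in the notes


class Keys(NamedTuple):
    pad_key_t: bytes
    pad_key_hf: bytes
    enc_key: bytes
    mac_key: bytes


def split_argon2_tag(tag: bytes) -> Keys:
    """Split a 128 B tag as 16/16/32/64; top-to-bottom order is assumed."""
    if len(tag) != 128:
        raise ValueError("argon2_tag must be 128 bytes")
    return Keys(tag[:16], tag[16:32], tag[32:64], tag[64:])


def unpadded_size(payload_size: int) -> int:
    """ciphertext size + MAC tag size + salts size."""
    return (COMMENTS + payload_size) + MAC_TAG + 2 * SALT


def layout(blob_size: int, header_pad: int, footer_pad: int) -> dict:
    """Map each field to its (start, end) byte offsets in a cryptoblob."""
    payload = blob_size - header_pad - footer_pad - unpadded_size(0)
    if header_pad < 0 or footer_pad < 0 or payload < 0 or blob_size > MAX_BLOB:
        raise ValueError("sizes do not fit the cryptoblob scheme")
    fields = [("argon2_salt", SALT), ("header_padding", header_pad),
              ("comments", COMMENTS), ("payload", payload),
              ("mac_tag", MAC_TAG), ("footer_padding", footer_pad),
              ("blake2_salt", SALT)]
    offsets, pos = {}, 0
    for name, size in fields:
        offsets[name] = (pos, pos + size)
        pos += size
    return offsets


if __name__ == "__main__":
    # Constructed 128-byte tag, not real Argon2 output.
    keys = split_argon2_tag(bytes(range(128)))
    print([len(k) for k in keys])
    for name, span in layout(blob_size=1000, header_pad=50, footer_pad=42).items():
        print(f"{name:15} {span}")
```

Only the two salts sit at fixed offsets; every other boundary moves with the header and footer padding sizes, which the tag-split table describes as secret values.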