| blob | 3b5a19e88f5333b2fe8baa79061931d1f445a2c2 |
1 !!! Agorithm description
2 !!!!Encryption steps
3 : padding : plaintext is padded with spaces to achieve length of multiple of $AesCryptPadding
4 : nonce : pseudo-random 64bit nonce is generated
5 : counter : 64bit counter is set to zero
6 : key derivation : key is computed from password and possibly nonce (see below)
7 : encryption : plaintext is encrypted using AES-256 in CTR mode
8 : output : Base64-encoded concatenation of nonce and ciphertext
10 !!!!Decryption steps
11 : input : Base64-decode and split input to nonce and ciphertext
12 : counter : 64bit counter is set to zero
13 : key derivation : key is computed from password and possibly nonce (see below)
14 : decryption : ciphertext is decrypted using AES-256 in CTR mode
15 : trim : plaintext is trimmed
17 !!!KDF functions
18 Function is selected by $AesCryptKDF variable.
19 Possible values are:
20 : sha256 : SHA-256 hash of password
21 : sha256_dup : SHA-256 hash of longer text constructed using password and nonce
22 : aes : encrypt password with AES, compatible with original aescrypt-0.1 recipe
23 : custom : custom KDF function. Details described in subchapter later.
25 !!!! sha256_dup
26 Input for SHA-256 hashing is constructed using following JavaScript code:
28 [@
29 var buffer = '';
30 var nBytes = nBits/8;
31 var nonceEnc = Base64.encode(nonce);
32 for (var i = 0; i < nBytes ; i++) {
33 buffer = buffer.concat(i, password.charAt(i % password.length), password, nonceEnc);
34 }
35 var hash = Sha256.hash(buffer);
36 return hash.slice(0, nBytes);
37 @]
39 For example, "TopSecret" password and nonce "+u3lTovF4nE=" (in base64) produce (line breaks added for clarity):
41 [@
42 0TTopSecret+u3lTovF4nE=1oTopSecret+u3lTovF4nE=2pTopSecret+u3lTovF4nE=
43 3STopSecret+u3lTovF4nE=4eTopSecret+u3lTovF4nE=5cTopSecret+u3lTovF4nE=
44 6rTopSecret+u3lTovF4nE=7eTopSecret+u3lTovF4nE=8tTopSecret+u3lTovF4nE=
45 9TTopSecret+u3lTovF4nE=10oTopSecret+u3lTovF4nE=11pTopSecret+u3lTovF4nE=
46 12STopSecret+u3lTovF4nE=13eTopSecret+u3lTovF4nE=14cTopSecret+u3lTovF4nE=
47 15rTopSecret+u3lTovF4nE=16eTopSecret+u3lTovF4nE=17tTopSecret+u3lTovF4nE=
48 18TTopSecret+u3lTovF4nE=19oTopSecret+u3lTovF4nE=20pTopSecret+u3lTovF4nE=
49 21STopSecret+u3lTovF4nE=22eTopSecret+u3lTovF4nE=23cTopSecret+u3lTovF4nE=
50 24rTopSecret+u3lTovF4nE=25eTopSecret+u3lTovF4nE=26tTopSecret+u3lTovF4nE=
51 27TTopSecret+u3lTovF4nE=28oTopSecret+u3lTovF4nE=29pTopSecret+u3lTovF4nE=
52 30STopSecret+u3lTovF4nE=31eTopSecret+u3lTovF4nE=
53 @]
55 !!!! Custom key derivation function
56 * use following template to create code which shall be inserted into @@local/config.php@@
57 [@
58 $AesCryptKDF='custom';
59 $AesCryptKDFJSCode = "
60 AesCtr.kdf_custom = function(password, nBits, nonce) {
62 var hash;
63 // insert custom derivation function here
64 // params:
65 // password - password given by user
66 // nBits - AES variant, always 256
67 // nonce - binary string of length 8 containing nonce, can be used as salt
68 return hash;
69 }
70 ";
71 include_once("$FarmD/cookbook/aescrypt.php");
72 @]
74 !!Links
75 * http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation
78 !!Java testing application
79 Build application using Maven:
81 mvn install
83 Use following command to start command-line interface:
85 java -jar JavaAesCryptTest-jar-with-dependencies.jar
87 Note: GUI interface is not yet implemented.
89 !!Test ciphers
90 Here are some test ciphers (mode/Password/Text/ciphertext):
92 sha256/TopSecret/test5:
93 fEaxTorFYjFnA33Bu5kRcw==
96 sha256_dup/TopSecret/test123456789:
97 +u3lTovF4nFv8dYNIaXjinWylW/W/6Sw
100 aes/TopSecret/test1234:
101 luTlTuHh4eHrEPklnMfcAb70
103 aes/TopSecret/zkouška:
104 4OTlTtTU1NSvedV6iKTpxy5G
106 aes/testing1234/Encrypt this text:
107 CuXlTpiYmJgivaCAyM1nGHjC/T3jUhHhoLXz