This file describes the cryptography done by eddy. It can be used to recreate the program (or build a new one) to, for example, decrypt already encrypted files.
eddy uses ChaCha20 stream cipher together with BLAKE2b hash function in keyed mode for file authentication (MAC). The 256 bit ChaCha20 key is produced by passing user provided or randomly generated password (passphrase) and a random 16-byte salt to scrypt KDF with the following parameters: n=65536, r=8, p=1, keyLen=32.
After initializing a ChaCha20 instance with the key from the previous step and a random 12-byte nonce, a BLAKE2b key is generated by XORing a 64-byte zero-block using this instance - in Go, such a block is created with make([]byte, 64).
The file MAC tag is calculated from the ciphertext, not plaintext. This is called "Encrypt-then-MAC" (EtM).
An encrypted file has the following structure. No delimiters or flags. This provides plausible deniability - the file is generally indistinguishable from, say, a compressed file or a randomly generated one.
| nonce | scrypt salt | MAC tag | ecnrypted file contents |
|---|---|---|---|
| 12 bytes | 16 bytes | 64 bytes | 0~256GiB |