Use Argon2i key derivation to generate my public key from a passphrase. The public key is then hard-coded into the `saylouis` source before compilation.
Generate a new X25519 key pair. Perform X25519 key exchange with my stored public key and hash the result to produce a shared secret. Use this shared secret and the public key for authenticated encryption via XChaCha20. Output a hidden form of the public key (indistinguishable from random noise), a MAC, and the ciphertext. Also output a fingerprint of the public key.
Details:
1. My public key `lp` is hard-coded into the binary.
2. Generate a 32-byte random seed `seed`.
3. Use `crypto_hidden_key_pair(uhp, uk, seed)` to get a (hidden) public key `uhp` and a private key `uk`.
4. Use `crypto_x25519(rs, uk, lp)` to get secret `rs`, and then hash it using `ss = BLAKE2b(rs || uhp || lp)` to get the final shared secret.
5. Output `uhp`.
6. Input at most `blocksize` bytes.
7. Call `crypto_lock` on `ss`, `plaintext`, using a count (starting at zero) of the blocks as the nonce, to get the `ciphertext` and `mac`.
8. Output `mac || ciphertext`. If there's more input to handle, go to 6.
9. Display a fingerprint of `uhp`.
Read the public key from the input, display the fingerprint and confirm it's okay to continue. Use Argon2i key derivation to compute my public and private key from a passphrase. Authenticate the ciphertext using the mac, decrypt using the nonce and my secret key.
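The key agreement in step 4 and its mirror on the decrypting side, as an added Python sketch (not saylouis code, and not Monocypher). Assumptions: the ephemeral public key is used unhidden where the real tool sends the Elligator-hidden `uhp`, the seed is used directly as `uk`, the BLAKE2b digest is taken as 32 bytes, and `lk` stands for the private key the passphrase yields. Because every message has a fresh seed, every message has a fresh `ss`, which is what lets the block counter restart at zero as the nonce.

```python
import hashlib

P = 2**255 - 19                       # Curve25519 field prime
BASE = (9).to_bytes(32, "little")     # X25519 base point u = 9

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder. Illustration only: not constant-time."""
    s = int.from_bytes(k, "little")
    s = (s & ~7 & ((1 << 254) - 1)) | (1 << 254)        # clamp the scalar
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3 = 1, 0, x1, 1
    for t in reversed(range(255)):
        bit = (s >> t) & 1
        if bit:
            x2, z2, x3, z3 = x3, z3, x2, z2
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
        if bit:
            x2, z2, x3, z3 = x3, z3, x2, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def shared_secret(rs: bytes, uhp: bytes, lp: bytes) -> bytes:
    # ss = BLAKE2b(rs || uhp || lp); the 32-byte digest size is an assumption.
    return hashlib.blake2b(rs + uhp + lp, digest_size=32).digest()

def sender_ss(seed: bytes, lp: bytes):
    """Encrypting side: returns (public key to output, ss)."""
    uk = seed                     # assumption: seed used directly as uk
    up = x25519(uk, BASE)         # stand-in for uhp, NOT Elligator-hidden
    return up, shared_secret(x25519(uk, lp), up, lp)

def receiver_ss(lk: bytes, up: bytes) -> bytes:
    """Decrypting side: lk is the private key matching the hard-coded lp."""
    lp = x25519(lk, BASE)
    return shared_secret(x25519(lk, up), up, lp)
```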