User Tools

Site Tools


budget:pysf

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

budget:pysf [2012/10/06 20:45]
andy
budget:pysf [2012/10/12 07:32]
Line 1: Line 1:
-====== pysf - Transparent File Encryption in Python ====== 
- 
-A C library and Python wrapper allowing strong encryption of a file allowing for relatively random access patterns without having to decrypt the entire file in memory. 
- 
-===== Overview ===== 
- 
-The file is locked with a passphrase and this is used to derive an encryption key via the [[wikipedia>​PBKDF2]] function. Files are split into fixed size blocks and each block is separately encrypted with a block cipher, where the IV is generated via a pseudo-random function for each block. Stream ciphers may be in appropriate as repeatedly encrypting different data with the same initial state can allow attacks to derive the key. 
- 
-Splitting files into blocks allows more or less random access, as each block can be independently decrypted. The library can handle selection of blocks to load and decrypt, as well as any caching that might be required. The C API hides all aspects of this and allows two simple primitives to read and write a specific block of data from a specified offset within the file. 
- 
- 
-===== File Header ===== 
- 
-The following table indicates the minimum header: 
- 
-^ ^  0  ^  1  ^  2  ^  3  ^ 
-^  0  |  ''​0xAA'' ​ |  ''​0x5F'' ​ |  Version ​ || 
-^  4  |  Header length (bytes) ​ ||  Cipher ​ |  Mode  | 
-^  8  |  Key size (bytes) ​ |  Salt size (bytes) ​ |  Block size (bytes) ​ || 
-^  12  |  Salt (encryption) ​ |||| 
-^  16  | ::: |||| 
-^  20  |  Salt (checksum) ​ |||| 
-^  24  | ::: |||| 
-^  28  |  Checksum ​ |||| 
-^  32  | ::: |||| 
-^  36  | ::: |||| 
-^  40  | ::: |||| 
-^  44  | ::: |||| 
- 
-Since the size of the salts is variable, the checksum may occur later. 
- 
-  * **Version:​** version of file format, where least significant byte is a minor version indicating backward compatibility and most significant byte is a major version indicating incompatible format changes. 
-  * **Header length:** offset of file data from start of file, which may extend beyond the actual header (for example, to align with blocks on disk). 
-  * **Cipher:** identifies cipher algorithm used (e.g. AES). 
-  * **Mode:** indicates chaining mode (e.g. CBC). 
-  * **Key size:** size of key for encryption and checksum //in bytes// (e.g. 16 for 128-bit key). 
-  * **Salt size:** size of salt used //in bytes// --- this determines the size of the two salt fields later and should be a multiple of 4 bytes to maintain alignment. 
-  * **Block size:** size of blocks into which file data is split prior to encryption, in bytes. 
-  * **Salt (encryption):​** salt used for generating encryption key from passphrase. 
-  * **Salt (checksum):​** salt used for generating key for HMAC checksumming from passphrase. 
-  * **Checksum:​** the XOR of the HMAC-SHA1 sums of each //​encrypted//​ block of the file. 
- 
  
budget/pysf.txt ยท Last modified: 2012/10/12 07:32 (external edit)