- Changed the numbering of input options:
+———————————————————————————+——————————————————————————+
| [00] Select an option | [00] Select an action |
+———————————————————————————+——————————————————————————+
| [10] Use custom settings? | |
| [11] Time cost | [1x] Set custom settings |
| [12] Max padding size | |
| [13] Set fake MAC tag? | |
+———————————————————————————+——————————————————————————+
| [21] Input file path | |
| [22] Comments | [2x] Enter data, |
| [23] Output file path | data location, |
| [24] Output file size | data size |
| [25] Start position | |
| [26] End position | |
+———————————————————————————+——————————————————————————+
| [31] Keyfile path | [3x] Specify input |
| [32] Passphrase | keying material |
+———————————————————————————+——————————————————————————+
| [40] Proceed? | [40] Confirm to continue |
+———————————————————————————+——————————————————————————+
- New limitations set to:
- `2^64` B for output file size (in action 8).
- `2^64-1` B for cryptoblob size.
- `10^20` for maximum padding percentage.
- `2048` B for normalized passphrase size.
- Replaced flat layout with src layout.
- Replaced `pycryptodome`'s `ChaCha20` implementation with `cryptography`'s `ChaCha20` implementation for better performance.
- Added dependency: `cryptography`.
- Removed dependency: `pycryptodomex`.
- Removed `-d` option.
- Renamed input option: `Argon2 time cost` renamed to `Time cost`.
- Replaced `os.urandom()` with `secrets.token_bytes()`, and `hmac.compare_digests()` with `secrets.compare_digest()`.
- Fixed a bug in processing comments.
- Significantly improved debug messages.
- Sanitized logged strings, especially file paths.
- Italic formatting has been removed from log messages.
- Added new warnings.
- Added FAQ.md.
- Performed code refactoring.
**BREAKING:**
- New way to split Argon2 tag:
+————————————————+———————————————+————————————————+
| | pad_key_t:16 | Secret values |
| +———————————————+ that define |
| | pad_key_hf:16 | padding sizes |
| argon2_tag:128 +———————————————+————————————————+
| | enc_key:32 | Encryption key |
| +———————————————+————————————————+
| | mac_key:64 | MAC key |
+————————————————+———————————————+————————————————+
- New cryptoblob scheme:
+————————————————————————————————————————+—————————+
| Salt for key stretching (Argon2): 16 B | |
+————————————————————————————————————————+ Random |
| Randomized padding: 0-20% of the | data |
| unpadded cryptoblob size by default | |
+————————————————————————————————————————+—————————+
| Ciphertext (ChaCha20): 512+ B, | |
| consists of: | |
| - Encrypted padded/truncated | Random- |
| comments, always 512 B | looking |
| - Encrypted payload file | data |
| contents, 0+ B | |
+————————————————————————————————————————+ |
| Optional MAC tag (BLAKE2/random): 64 B | |
+————————————————————————————————————————+—————————+
| Randomized padding: 0-20% of the | |
| unpadded cryptoblob size by default | Random |
+————————————————————————————————————————+ data |
| Salt for prehashing (BLAKE2): 16 B | |
+————————————————————————————————————————+—————————+
- New salt handling:
- Argon2 salt set to the beginning of the cryptoblob.
- BLAKE2 salt set to the end of the cryptoblob.
- Updated padding scheme: calculate total padding size based on the unpadded size (`ciphertext size` + `MAC tag size` + `salts size`) instead of the `ciphertext size`.
- MAC message extended with sizes: added sizes of header padding, footer padding, and total padded size (cryptoblob size).
- Implemented Unicode Normalization Form C (NFC) (as requied by [RFC 7613](https://www.rfc-editor.org/rfc/rfc7613)) for passphrases.