Encryption
Data is encrypted with the symmetric block cipher AES (Advanced Encryption Standard) using a 256-bit key, in GCM (Galois/Counter Mode), a cipher mode that provides authenticated encryption and is designed to ensure data authenticity, integrity and confidentiality.
AES with a 256-bit key uses 14 rounds of operations for encryption and decryption; each round is a single collection of steps in a substitution-permutation network design.
AES processes the entire data block in an identical way during all rounds, each of which comprises four different operations: SubBytes, ShiftRows, MixColumns, and AddRoundKey. One operation is a permutation and the other three are substitutions.
Every transformation used in the AES encryption process has an inverse transformation that is used in the decryption process. Each round of the AES decryption process uses the inverse transformations InvSubBytes(), InvShiftRows() and InvMixColumns().
Record names are obfuscated by XORing them with the authentication key. The authentication key is itself stored encrypted, and decrypting it at the start of every command is how kure determines whether the password is correct.
This way, we ensure that the record names are not in plaintext while being able to access them without using a compute-expensive operation.
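The scheme described above, sketched with Go's standard library as an added example (not kure's own code): the authentication key is sealed with AES-256-GCM, a failed `open` is what a wrong password looks like, and record names are XORed with the authentication key. The function names, the sample values and the cyclic XOR layout are assumptions; how the 256-bit key is derived from the password is not covered on this page, so the key is taken as given.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// newGCM builds AES-GCM; a 32-byte key selects AES-256.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts plaintext and prepends the fresh random nonce to the output.
func seal(gcm cipher.AEAD, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// open checks the GCM tag and decrypts; a wrong key or altered data errors.
func open(gcm cipher.AEAD, data []byte) ([]byte, error) {
	n := gcm.NonceSize()
	if len(data) < n {
		return nil, fmt.Errorf("ciphertext shorter than %d-byte nonce", n)
	}
	return gcm.Open(nil, data[:n], data[n:], nil)
}

// xorName XORs name with the cyclically repeated, non-empty auth key (assumed layout).
func xorName(name, authKey []byte) []byte {
	out := make([]byte, len(name))
	for i, b := range name {
		out[i] = b ^ authKey[i%len(authKey)]
	}
	return out
}

func main() {
	authKey := []byte("constructed-auth-key") // constructed sample value
	obf := xorName([]byte("github"), authKey)
	fmt.Printf("%x -> %s\n", obf, xorName(obf, authKey))
}
```

XOR with a reused key only keeps names out of plaintext; the authenticity and integrity guarantees come from the GCM layer, where `open` fails on any key or ciphertext mismatch.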
kure - Cross-platform command-line password manager with sessions.