Alternative encryption format(s)

[clach04]

Also see:

• plug-able encryption puren_tonbo#4
• Try alternative (pure?) python crypto libraries openssl_enc_compat#4

Want compatible for:

• Windows Tombo (c/c++) - https://github.com/clach04/tombo
• Android Java
  • MiniNoteViewer - https://github.com/clach04/mininoteviewer_mirror
  • Kumugasu - https://github.com/clach04/kumagusu_mirror
  • Tombo Edit
    • https://github.com/clach04/tombo_edit_mirrorfork
    • https://github.com/clach04/tomboedit
• Cross-platform Puren Tonbo -plug-able encryption puren_tonbo#4

So whatever is picked would like/need implementations in:

1. C/C++
2. Java
3. Python
4. JS for web browser would be nice but not critical

NOTE file extension length issues, see #2 some areas of code have been identified that need updating, there may be other places. For example, .jenc files are 5 bytes including the dot ".".

Possible Options

Ideally have existing tools, for compatibility. Which would them define container and algorithm(s) and parameters.

• https://github.com/cryptouri/cryptouri.py crypto URN (for docs?)
• OpenSSL (enc command line option, or cms)
• zip aes AE-2 (AE-1) https://www.winzip.com/en/support/aes-encryption/ AES-CTR with HMAC-SHA1-80 based MAC and pbkdf2 (only 1,000 iterations) KDF
• Secret Space Encryptor https://paranoiaworks.mobi/sse/formats_specifications.html - multiple formats and options (could support a subset). Desktop and Android implementations.
• QOwnNotes - NOT RECOMMENDED it can not search it's own encrypted files, uses external tools with ascii armoring. either it's own AES format (no authentication/MAC, weak KDF 😢) or add Puren Tonbo command line support similar to https://github.com/pbek/QOwnNotes/blob/main/docs/scripting/examples/encryption-pgp.qml - note format issue and search limitation, can't search and data gets base64 encoded https://github.com/pbek/QOwnNotes/blob/c1e9447fa845fe7b665e61b9be2b85d6abfa811a/webpage/src/blog/2017-12-12-Interview-for-ownCloud.md?plain=1#L54
• https://github.com/andrewcooke/simple-crypt - later versions only, could extend do use newer KDF with newer format version number
• fernet, aes cbc with additional hmac. https://www.comparitech.com/blog/information-security/what-is-fernet/
• https://gimli.cr.yp.to/
• AEGIS-256
• XChaCha20-Poly1305 (rather than ChaCha20-Poly1305) from https://doc.libsodium.org/secret-key_cryptography/aead/aes-256-gcm

  WARNING: Despite being the most popular AEAD construction due to its use in TLS, safely using AES-GCM in a different context is tricky.

No more than ~ 350 GB of input data should be encrypted with a given key. This is for ~ 16 KB messages – Actual figures vary according to message sizes.
> In addition, nonces are short, and repeated nonces would totally destroy the security of this scheme. Nonces should thus come from atomic counters, which can be difficult to set up in a distributed environment.
> Unless you absolutely need AES-GCM, use AEGIS-256 (crypto_aead_aegis256_*()) instead.
> ... There are no plans to support non-hardware-accelerated implementations of AES-GCM. If portability is a concern, use ChaCha20-Poly1305 instead.

Articles

• https://moxie.org/2011/12/13/the-cryptographic-doom-principle.html
• https://www.latacora.com/blog/2018/04/03/cryptographic-right-answers/
• https://soatok.blog/2021/01/11/block-cipher-structures-ranked/
• Https://soatok.blog/2020/07/12/comparison-of-symmetric-encryption-methods/
• https://soatok.blog/2020/05/13/why-aes-gcm-sucks/
• https://www.latacora.com/blog/2018/04/03/cryptographic-right-answers/
• https://soatok.blog/2020/11/14/going-bark-a-furrys-guide-to-end-to-end-encryption/
• http://soatok.blog/2020/12/24/cryptographic-wear-out-for-symmetric-encryption/ - see note above from libsodium
• https://soatok.blog/2021/03/12/understanding-extended-nonce-constructions/

Possible libraries

C

• https://gimli.cr.yp.to/ (implementation tab)
  • https://github.com/jedisct1/libhydrogen?tab=readme-ov-file
• general/ primitives
  • https://loop-aes.sourceforge.net/ (home of aespipe)
  • https://github.com/ctz/cifra
  • https://github.com/jedisct1/libhydrogen/tree/v0 not main branch
  • https://github.com/jedisct1/libaegis?tab=readme-ov-file
  • https://github.com/libtom/libtomcrypt/tree/develop
  • libsodoium / naCL
  • https://github.com/kokke/tiny-AES-c
• OpenSSL
  • https://antofthy.gitlab.io/software/pbkdf2_openssl.c kdf only
• zip AE-2 aes
  • https://www.artpol-software.com/ZipArchive/

Java

For Android, also research Kotlin libraries.

• zip AE-2 aes
  • http://www.lingala.net/zip4j/
  • https://code.google.com/archive/p/winzipaes/
  • https://osdn.net/projects/aeszip/releases/p11996

Javascript/ Typescript - Stretch Goal

For possible end-to-end encryption in web browsers.

[clach04]

As well as cryptManager changes, browser code will need work. A little more complicated than #2 (comment)