I'm working on a little hobby project to better understand crypto.
https://app.gitbook.com/@noojee/s/dvault/
The aim is to make it easy to encrypt a set of files into a 'vault' and decrypt them at a later date.
The CLI tool will work as follows:
dvault init -p passphrase
dvault lock <path to file>
dvault unlock <path to vault> -p passphrase
The passphrases won't be passed on the CLI; the above is just an illustration.
So the question is really around the structure and process to create the vault.
My understanding is that the IV and salt must be random but do not need to be encrypted.
My intent is to use AES-256 to encrypt the files and use the RSA public key to encrypt the AES key.
To encrypt the file contents I will create a 'vault' file that contains:
in clear text:
rsaIV
rsaSalt
aes256Iv
aes256Salt
encrypted items:
aesKey = gen aesKey
encRsa[aesKey] using rsaPubKey, rsa256Iv, rsa256Salt
aesMacKey = gen aesMacKey
encAes[aesMacKey] using aesKey, aesIV,aesSalt
aesBodyKey = gen aesKey
encAes[aesBodyKey] using aesKey, aesIV, aesSalt
encBody = encAes256[file] using aesBodyKey, aes256Iv, aes256Salt
macOfEncBody = mac[encBody]
encAes256[macOfEncBody] using aesMacKey, aes256IV, aes256Salt
I've used three AES keys here. My understanding is that the MAC and body AES keys must be different. Could I re-use the main AES key to encrypt the body and the MAC key and eliminate the body key?
https://en.wikipedia.org/wiki/Authenticated_encryption (Encrypt the Mac)
I've shared the AES IV and salt across the three keys. Is this OK, or do I need a unique salt/IV for each key?
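As an added example (not part of the question and not the dvault project's own code), here is a Go sketch of the lock/unlock structure being asked about, written with the Go standard library: one random AES-256 body key and one separate, independent HMAC key, both wrapped in a single RSA-OAEP operation under the vault's public key; a fresh random IV per lock stored in the clear; and a tag computed over every cleartext field (IV, body and wrapped keys) that is checked in constant time before anything is decrypted. The Vault struct, its field names and the "dvault-keys" OAEP label are assumptions for illustration only. Because the symmetric keys are generated at random rather than derived from a passphrase, no salt appears in this layout, and protecting the RSA private key with the passphrase is left out of scope.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Vault is an assumed on-disk layout (illustration only); only Body and WrappedKeys are secret.
type Vault struct {
	WrappedKeys []byte // RSA-OAEP(encKey || macKey) under the vault's public key
	IV          []byte // fresh random 16-byte CTR nonce per lock, stored in the clear
	Body        []byte // AES-256-CTR(file) under encKey
	Tag         []byte // HMAC-SHA256(IV || Body || WrappedKeys) under macKey
}

const keyLen = 32                     // AES-256 and HMAC-SHA256 each take a 32-byte key
var oaepLabel = []byte("dvault-keys") // assumed label binding the wrap to this use

// Lock encrypts plaintext for the holder of the RSA private key matching pub.
func Lock(pub *rsa.PublicKey, plaintext []byte) (*Vault, error) {
	// Two independent random keys: one for confidentiality, one for integrity.
	keys := make([]byte, 2*keyLen)
	if _, err := io.ReadFull(rand.Reader, keys); err != nil {
		return nil, err
	}
	encKey, macKey := keys[:keyLen], keys[keyLen:]

	// One RSA-OAEP operation wraps both symmetric keys (64 bytes fits a 2048-bit key).
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, keys, oaepLabel)
	if err != nil {
		return nil, err
	}

	iv := make([]byte, aes.BlockSize)
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	body := make([]byte, len(plaintext))
	cipher.NewCTR(block, iv).XORKeyStream(body, plaintext)

	return &Vault{WrappedKeys: wrapped, IV: iv, Body: body,
		Tag: tag(macKey, iv, body, wrapped)}, nil
}

// Unlock unwraps the keys, verifies the tag in constant time, and only then decrypts.
func Unlock(priv *rsa.PrivateKey, v *Vault) ([]byte, error) {
	keys, err := rsa.DecryptOAEP(sha256.New(), nil, priv, v.WrappedKeys, oaepLabel)
	if err != nil || len(keys) != 2*keyLen {
		return nil, errors.New("cannot unwrap vault keys")
	}
	encKey, macKey := keys[:keyLen], keys[keyLen:]

	if len(v.IV) != aes.BlockSize {
		return nil, errors.New("bad IV length")
	}
	if !hmac.Equal(v.Tag, tag(macKey, v.IV, v.Body, v.WrappedKeys)) {
		return nil, errors.New("tag mismatch: vault tampered or wrong key")
	}
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	plain := make([]byte, len(v.Body))
	cipher.NewCTR(block, v.IV).XORKeyStream(plain, v.Body)
	return plain, nil
}

// tag covers every cleartext field, so IV or wrapped keys cannot be swapped undetected.
func tag(macKey, iv, body, wrapped []byte) []byte {
	h := hmac.New(sha256.New, macKey)
	h.Write(iv)
	h.Write(body)
	h.Write(wrapped)
	return h.Sum(nil)
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	v, _ := Lock(&priv.PublicKey, []byte("constructed sample file contents"))
	out, err := Unlock(priv, v)
	fmt.Printf("%q %v\n", out, err)
	v.Body[0] ^= 1 // flip one ciphertext bit: the tag check must now reject the vault
	_, err = Unlock(priv, v)
	fmt.Println(err)
}
```

The MAC key and the body key are separate slices of one random buffer, so the two never coincide, and they are wrapped together so a single RSA operation suffices. Since the IV is generated fresh for each Lock call and the keys are random per vault, nothing is reused across encryptions, which is the property a shared IV across several keys would otherwise need careful argument for.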