I'm working on a little hobby project to better understand crypto.
https://app.gitbook.com/@noojee/s/dvault/
The aim is to make it easy to encrypt a set of files into a 'vault' and decrypt them at a later date.
The cli tool will work as follows
#generate rsa key pair
dvault init -p passphrase
#create an encrypted vault that contains <path to file>
dvault lock <path to file>
# decrypt the vault restoring the plain text file.
dvault unlock <path to vault> -p passphrase
The passphrases won't be passed on the cli, the above is just an illustration.
So the question is really around the structure and process to create the vault.
My understanding is that the iv and salt must be random but do not need to be encrypted.
My intent is to use aes 256 to encrypt the files and use the rsa public key to encrypt the aes key.
To encrypt the file contents I will create a 'vault' file that contains:
in clear text:
rsaIV
rsaSalt
aes256Iv
aes256Salt
encrypted items:
# generate, encrypt and store aeskey with rsa public key
aesKey = gen aesKey
encRsa[aesKey] using rsaPubKey, rsa256Iv, rsa256Salt
# generate, encrypt and store macKey using aes key
aesMacKey = gen aesMacKey
encAes[aesMacKey] using aesKey, aesIV,aesSalt
#generate, encrypt and store bodykey using aes key
aesBodyKey = gen aesKey
encAes[aesBodyKey] using aesKey, aesIV, aesSalt
# encrypt/store file using aes key
encBody = encAes256[file] using aesBodyKey, aes256Iv, aes256Salt
# generate mac from encrypted body
macOfEncBody = mac[encBody]
# encrypt, store mac using aes
encAes256[macOfEncBody] using aesMacKey, aes256IV, aes256Salt
I've used three aes keys here. My understanding is that that the mac and body aes keys must be different. Could I re-use the main aes key to encrypt the body and the mac key and eliminate the body key?
https://en.wikipedia.org/wiki/Authenticated_encryption (Encrypt the Mac)
I've shared the aes IV and Salt across the three keys is this OK or do I need a unique salt/iv for each key?
