Skip to content

Latest commit

 

History

History

dvx

README.md

dvx

Package dvx provides an easy-to-use interface to a Cryptography service, that uses state-of-the-art primitives. It provides 4 main categories of supported operations: Encryption/Decryption, Signing/Verifying, MAC, and as a special higher-order algorithm: TOTP Creation/Verification.

Picture of schematic architecture (See the picture of the complete architecture here)

Specification

Encoding

dvx has built-in support for upgrading the underlying cryptographic primitives used. It therefore introduces its packaging format for results from a dvx.Protocol instance:

<version>.<type_prefix>.<data>
  1. Version: Is the version of the underlying primitives and the way how keys are derived from the KeyPool for there respective primitives.
  2. TypePrefix: Is the identifier of the module used: "enc", "sig", "tag" or "totp"
  3. Data: is the raw data (e.g. encrypted content, signature, mac tag, etc.) represented as base64 url string without padding append ("Raw" encoding).

Primitives

dv1

  • Authenticated Encryption: XChaCha20-Poly1305 (192-bit random nonce, 256-bit key, 128-bit authentication tag)
    1. Generate 24 random bytes using a CSPRNG as nonce
    2. Pack "dv1" version string and nonce into AEAD-additional data (append([]byte("dv1"), nonce...))
    3. Use AEAD construction with key, nonce, message, additional_data
  • MAC: Keyed Blake2b (512-bit key, 256-|512-bit tag)
  • Signatures: Ed25519 (EdDSA over Curve25519)
  • Key Derivation: Argon2id (512-bit derived key)
Further reading

A few links and resources that should explain why the selected primitives where chosen for dv1
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy