

cm/encrypted format

An encrypted container, roughly analogous to ASN.1-based CMS EnvelopedData, LibrePGP or age.

When stored in a file, it should begin with the "cm/encrypted" magic.

encrypted {
    {field dem {with dem}}
    {field kem {list} {of kem} >0}
    {field id {hexlet} optional}
    {field payload {bin} optional}
    {field pubs {list} {of map} optional >0} {# attached public keys}
}

dem {
    {field . {map}}
    {field a {str} >0} {# xchapoly-krkc}
                       {# xchapoly-krmr}
                       {# kuznechik-ctr-hmac-kr}
}

kem {
    {field a {str} >0}
    {field cek {bin} >0}
}

schema-include fpr.tcl
schema-include kem-with-encap.tcl
schema-include kem-gost3410-hkdf.tcl
schema-include kem-balloon-blake2b-hkdf.tcl
schema-include kem-pbkdf2.tcl

/payload contains the ciphertext. It is encrypted with a random "content encryption key" (CEK), using the algorithm specified in /dem/a (data encapsulation mechanism). /dem may contain additional fields that supplement the decryption process, such as an initialisation vector.

If /payload is absent, then the ciphertext is provided by other means, for example by simply following the cm/encrypted structure. It is recommended to encode it as a BLOB, whose chunk length depends on the DEM algorithm.

The CEK is encapsulated in the /kem/*/cek entries (key encapsulation mechanisms), using the /kem/*/a algorithm.

If a KEM uses public-key cryptography, then the recipient's public key(s) must be provided. The optional /kem/*/to field, the public key's fingerprint, may serve as a hint for quickly finding the key on the recipient's side.

The optional /id is used in KEMs for domain separation and envelope identification. UUIDv4 is recommended. If it is absent, then the null UUID is used in the KDF.
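
A structural check of a decoded envelope against the schema above, as an added example that is not part of the original page or of the project it documents. It assumes the container is already decoded into Python values (map as dict, bin as bytes, hexlet as uuid.UUID) and reads ">0" as "non-empty"; check_encrypted, EnvelopeError and the "example-kem" algorithm name are hypothetical.

```python
import uuid

NULL_UUID = uuid.UUID(int=0)  # per the page: used in the KDF when /id is absent


class EnvelopeError(ValueError):
    """Decoded map does not match the cm/encrypted schema."""


def _need(cond, msg):
    if not cond:
        raise EnvelopeError(msg)


def _nonempty(v, typ):
    # ">0" in the schema is read here as "length greater than zero" (assumption)
    return isinstance(v, typ) and len(v) > 0


def check_encrypted(env):
    """Return (DEM algorithm, KEM algorithms, effective id, ciphertext detached?)."""
    _need(isinstance(env, dict), "/ must be a map")
    dem = env.get("dem")
    _need(isinstance(dem, dict), "/dem must be a map")
    _need(_nonempty(dem.get("a"), str), "/dem/a must be a non-empty string")
    kems = env.get("kem")
    _need(_nonempty(kems, list), "/kem must be a non-empty list")
    for i, kem in enumerate(kems):
        _need(isinstance(kem, dict), f"/kem/{i} must be a map")
        _need(_nonempty(kem.get("a"), str), f"/kem/{i}/a must be a non-empty string")
        _need(_nonempty(kem.get("cek"), bytes), f"/kem/{i}/cek must be non-empty bin")
    # An absent /id is valid; the KDF input then falls back to the null UUID.
    env_id = env.get("id", NULL_UUID)
    _need(isinstance(env_id, uuid.UUID), "/id must be a hexlet (UUID)")
    if "payload" in env:
        _need(isinstance(env["payload"], bytes), "/payload must be bin")
    if "pubs" in env:
        pubs = env["pubs"]
        _need(_nonempty(pubs, list) and all(isinstance(p, dict) for p in pubs),
              "/pubs must be a non-empty list of maps")
    # Without /payload the ciphertext is supplied elsewhere, e.g. after the structure.
    return dem["a"], [k["a"] for k in kems], env_id, "payload" not in env


# Constructed sample: no /id and no /payload; "example-kem" is a placeholder name.
SAMPLE = {"dem": {"a": "xchapoly-krkc"},
          "kem": [{"a": "example-kem", "cek": b"\x01" * 32}]}
```
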

Authcrypt:  Authenticated public-key encryption
Key wrapping:  Key wrapping mechanisms
DEM:  Data encapsulation mechanisms
KEM:  Key encapsulation mechanisms
