[Commits] [SCM] claws branch, master, updated. 3.15.0-44-g43a5970

ticho at claws-mail.org ticho at claws-mail.org
Sat Apr 29 14:35:29 CEST 2017


The branch, master has been updated
       via  43a5970e1f7b623fb3641d7e384fb07ba2a8d4d4 (commit)
      from  c8f81c20077ce5d2d3dd3b41065f707ae0ad2596 (commit)

Summary of changes:
 doc/src/password_encryption.txt |   24 +++++++++++++++---------
 1 file changed, 15 insertions(+), 9 deletions(-)


- Log -----------------------------------------------------------------
commit 43a5970e1f7b623fb3641d7e384fb07ba2a8d4d4
Author: Andrej Kacian <ticho at claws-mail.org>
Date:   Sat Apr 29 14:35:01 2017 +0200

    Include more details in doc/src/password_encryption.txt.

diff --git a/doc/src/password_encryption.txt b/doc/src/password_encryption.txt
index 50873dc..7746499 100644
--- a/doc/src/password_encryption.txt
+++ b/doc/src/password_encryption.txt
@@ -4,21 +4,26 @@ stored encrypted using AES-256-CBC, using following scheme:
 
 Encryption/decryption key is derived from either PASSCRYPT_KEY, or
 user-selected master passphrase, using PBKDF2, using salt from
-'master_passphrase_salt'.
+'master_passphrase_salt', and number of rounds (iterations) from
+'master_passphrase_pbkdf2_rounds'.
 
-IV for the cipher is filled with random bytes.
+IV (initialization vector) for the cipher is filled with random bytes.
 
 
 Encryption
 ----------
 We prepare a buffer 128+blocksize bytes long, with one block of random
-data at the beginning, followed by the password we want to encrypt,
-rest is padded with zero bytes.
+data at the beginning, followed by the password we want to encrypt (in
+UTF-8), rest is padded with zero bytes.
 
-We encrypt the buffer.
+We encrypt the buffer using the encryption key and IV mentioned above,
+resulting in ciphertext of the same length as the buffer.
 
 We base64-encode the ciphertext, and store it as:
-"{algorithm}encodedciphertext"
+"{algorithm,rounds}encodedciphertext"
+
+"rounds" is an integer value set to number of PBKDF2 rounds used to
+generate the key derivation used as encryption key.
 
 
 Decryption
@@ -26,10 +31,11 @@ Decryption
 We strip the "{algorithm}" (after verifying that it matches what we
 expect) and base64-decode the remaining ciphertext.
 
-We decrypt the ciphertext.
+We decrypt the ciphertext using decryption key and IV mentioned above,
+resulting in plaintext of the same length as the ciphertext.
 
-We discard the first block, and the rest is a zero-terminated string
-with our password.
+We discard the first block from plaintext, and the rest is a
+zero-terminated string with our password in UTF-8.
 
 
 Why the random block at the beginning?

-----------------------------------------------------------------------


hooks/post-receive
-- 
Claws Mail


More information about the Commits mailing list