From 5ec8df420d5b7ed0675e7512b867dc71da1f6883 Mon Sep 17 00:00:00 2001 From: PrincessPi3 Date: Wed, 28 Jan 2026 16:25:35 -0700 Subject: [PATCH] cleaned up and updated readme --- Notes-Scratch-Prose.md | 2 +- README.md | 45 ++++++++++++++++++++++++------------------ 2 files changed, 27 insertions(+), 20 deletions(-) diff --git a/Notes-Scratch-Prose.md b/Notes-Scratch-Prose.md index 3b03bfd..54edb8b 100644 --- a/Notes-Scratch-Prose.md +++ b/Notes-Scratch-Prose.md @@ -2,7 +2,7 @@ ## Cryptographic Questions - ~~are any of the sha digests biased or biasable?~~ - ~~if so, try scrypt or even argon2id?~~ - - __switching to argon2id__ + - **switching to argon2id** - are the passphrase or salt settings too high? are they diminishing returns or even counterproductive? - if so, what are some more optimal settings? ## Implementation Questions diff --git a/README.md b/README.md index f8620b9..d0f9d56 100644 --- a/README.md +++ b/README.md 
@@ -4,22 +4,29 @@ For when you need to share a file/authenticate anonymously, but want choices to Also for when you may want to burn those keys to destroy any evidence you were involved ## Method -Step 1: Collecting Information -Including -- an input file to sign -- a secure passphrase for use on an ssh key -- a secure passphrase for use as an sha256/sha512 salt -Step 2: Generating New Single-Use SSH Key Pair -- ed25519 by default -- secured with provided passphrase -Step 3: Generating Checksums -- Normal sha256 and sha512 checksums are generated of the input file and logged -- sha256(passphrase+file contents) and sha512(passphrase+file contents) disgests are calculated and logged -Step 4: Signing Files -- Original file is signed by the ssh key with a detached signature file -- checksums file is signed by the ssh key with a detached signature file -Step 5: Verification -- Both file and checksums files signates are checkeed against the ssh public key -- The original file is tested with normal sha256, normal sha512, salted sha256, and salted sha512 -Step 6: Output Public Files -- Public files are added to a new directory and compressed with 7zip \ No newline at end of file +**Step 1: Collecting Information** +1. an input file to sign +2. a secure passphrase for use on an ssh key +3. a secure passphrase for use as an ARGON2ID salt + +**Step 2: Generating New Single-Use SSH Key Pair** +1. ed25519 by default +2. secured with provided passphrase + +**Step 3: Generating Checksums** +1. Normal sha512 and sha256 checksums are generated of the input file and logged +2. secure argon2id(passphrase+file contents) digest is made and logged + +**Step 4: Signing Files** +1. Original file is signed by the ssh key with a detached signature file +2. checksums file is signed by the ssh key with a detached signature file + +**Step 5: Verification** +1. Both file and checksums files signates are checkeed against the ssh public key +2. 
The original file is tested with normal sha256, normal sha512, salted argon2id + +**Step 6: Output Public Files** +1. Public files are added to a new directory +2. secure random dotfile name is generated and placed in the public output directory +3. dotfile is filled with secure binary data to break any signature matches +4. public output directory is compressed and optionally encrypted with 7zip \ No newline at end of file
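Review bot: In the README.md hunk, Step 1 item 3 and Step 3 item 2 do not say how the passphrase enters Argon2id: item 3 calls it "a secure passphrase for use as an ARGON2ID salt", while Step 3 writes "argon2id(passphrase+file contents)", which reads as one concatenated input. Argon2id takes a password input and a separate salt input, plus cost parameters (memory, iterations, parallelism), so the README should state which value goes into which input and which parameters are used; anyone reproducing the digest in Step 5 needs all of them. Step 5 item 2 then calls the same value "salted argon2id", so settle on one name for it. Step 5 item 1 still carries "signates" and "checkeed" over from the removed lines (signatures, checked). Step 6 item 3 should say which "signature matches" the random dotfile is meant to break, since the detached signatures from Step 4 cover the original file and the checksums file, not the output directory. The file also still ends without a trailing newline.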