cleaned up and updated readme
This commit is contained in:
@@ -2,7 +2,7 @@
|
|||||||
## Cryptographic Questions
|
## Cryptographic Questions
|
||||||
- ~~are any of the sha digests biased or biasable?~~
|
- ~~are any of the sha digests biased or biasable?~~
|
||||||
- ~~if so, try scrypt or even argon2id?~~
|
- ~~if so, try scrypt or even argon2id?~~
|
||||||
- __switching to argon2id__
|
- **switching to argon2id**
|
||||||
- are the passphrase or salt settings too high? are they diminishing returns or even counterproductive?
|
- are the passphrase or salt settings too high? are they diminishing returns or even counterproductive?
|
||||||
- if so, what are some more optimal settings?
|
- if so, what are some more optimal settings?
|
||||||
## Implementation Questions
|
## Implementation Questions
|
||||||
|
|||||||
@@ -4,22 +4,29 @@ For when you need to share a file/authenticate anonymously, but want choices to
|
|||||||
Also for when you may want to burn those keys to destroy any evidence you were involved
|
Also for when you may want to burn those keys to destroy any evidence you were involved
|
||||||
|
|
||||||
## Method
|
## Method
|
||||||
Step 1: Collecting Information
|
**Step 1: Collecting Information**
|
||||||
Including
|
1. an input file to sign
|
||||||
- an input file to sign
|
2. a secure passphrase for use on an ssh key
|
||||||
- a secure passphrase for use on an ssh key
|
3. a secure passphrase for use as an ARGON2ID salt
|
||||||
- a secure passphrase for use as an sha256/sha512 salt
|
|
||||||
Step 2: Generating New Single-Use SSH Key Pair
|
**Step 2: Generating New Single-Use SSH Key Pair**
|
||||||
- ed25519 by default
|
1. ed25519 by default
|
||||||
- secured with provided passphrase
|
2. secured with provided passphrase
|
||||||
Step 3: Generating Checksums
|
|
||||||
- Normal sha256 and sha512 checksums are generated of the input file and logged
|
**Step 3: Generating Checksums**
|
||||||
- sha256(passphrase+file contents) and sha512(passphrase+file contents) disgests are calculated and logged
|
1. Normal sha512 and sha256 checksums are generated of the input file and logged
|
||||||
Step 4: Signing Files
|
2. secure argon2id(passphrase+file contents) digest is made and logged
|
||||||
- Original file is signed by the ssh key with a detached signature file
|
|
||||||
- checksums file is signed by the ssh key with a detached signature file
|
**Step 4: Signing Files**
|
||||||
Step 5: Verification
|
1. Original file is signed by the ssh key with a detached signature file
|
||||||
- Both file and checksums files signates are checkeed against the ssh public key
|
2. checksums file is signed by the ssh key with a detached signature file
|
||||||
- The original file is tested with normal sha256, normal sha512, salted sha256, and salted sha512
|
|
||||||
Step 6: Output Public Files
|
**Step 5: Verification**
|
||||||
- Public files are added to a new directory and compressed with 7zip
|
1. Both file and checksums files signates are checkeed against the ssh public key
|
||||||
|
2. The original file is tested with normal sha256, normal sha512, salted argon2id
|
||||||
|
|
||||||
|
**Step 6: Output Public Files**
|
||||||
|
1. Public files are added to a new directory
|
||||||
|
2. secure random dotfile name is generated and placed in the public output directory
|
||||||
|
3. dotfile is filled with secure binary data to break any signature matches
|
||||||
|
4. public output directory is compressed and optionally encrypted with 7zip
|
||||||
Reference in New Issue
Block a user