octoleo
/
restic
mirror of https://github.com/octoleo/restic.git
2
2
Fork 0
Code Issues Releases Wiki Activity

Clarify ciphertext mac

This commit is contained in:
Alexander Neumann 2015-03-22 21:29:19 +01:00
parent 02282a4fff
commit 2dad4fba3a
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
doc/Design.md
View File

@ -79,8 +79,9 @@ a random nonce. This is used both as the IV for counter mode and the nonce for
Poly1305. This operation needs three keys: A 32 byte for AES-256 for
encryption, a 16 byte AES key and a 16 byte key for Poly1305. For details see
the original paper[The Poly1305-AES message-authentication
code](http://cr.yp.to/mac/poly1305-20050329.pdf) by Dan Bernstein. The
ciphertext is stored as IV || CIPHERTEXT || MAC.
code](http://cr.yp.to/mac/poly1305-20050329.pdf) by Dan Bernstein.
The data is then encrypted with AES-256 and afterwards the MAC is computed over
the ciphertext, everything is then stored as IV || CIPHERTEXT || MAC.
The directory `keys` contains key files. These are simple JSON documents which
contain all data that is needed to derive the repository's master signing and