Performs encryption and decryption on input and output.
tomb --help #shows help (very very useful)
tomb [OPTIONS] #encrypt data
tomb [OPTIONS] -d #decrypt data
tomb [OPTIONS] < infile > outfile
tomb [OPTIONS] -i infile -o outfile
tomb [OPTIONS] -d
Salts and IV(s) are created and stored in memory
Random salts and IVs (initialization vectors) are created and stored in memory for encryption:
a) 32bit salt (file header encryption) is created and stored in memory
b) 32bit salt (data encryption) is created and stored in memory
c) 32bit IV (header IV) is created and stored in memory
d) 32bit IV (data IV) is created and stored in memory
Data Encryption Password Derivation:
A 'pre' password is created using the hash algorithm(s) supplied via the command
line (default is sha1). If multiple hashing algorithms are defined then they
are cascaded: each digest is fed as input to the next algorithm.
ex: ./tomb --hash sha1 whirlpool tiger -p test
would look like this:
digest = hash_with_sha1( pass );
digest = hash_with_whirlpool( digest );
digest = hash_with_tiger( digest );
After all passwords and keyfiles have been hashed, the master hash is
created in a similar way, but using the master hash algorithm(s) supplied via
the command line (default is sha512). The master hash is created from the hashed
password(s) and hashed password file(s) (if any). Finally the master
password is derived from the master hash using PBKDF2 with HMAC-SHA512
(Password Based Key Derivation Function #2) with 32210 iterations.
1) all hashed password(s) are concatenated together
:> passwords = password_hash1 + password_hash2;
2) all key file hashes are concatenated onto the password hashes, making one
long string of bytes.
:> passwords = passwords + key_file_hash1 + key_file_hash2;
3) the master hash is created from 'passwords' using the master hash algorithm(s)
:> master_hash = hash_with_sha1( passwords );
:> master_hash = hash_with_whirlpool( master_hash );
4) the master password is created from the master hash using PBKDF2 with
HMAC-SHA512, 32210 iterations, and the data salt.
:> master_password = PBKDF2_HMAC_SHA512( master_hash, with_iteration_32210, SALT_DATA );
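The derivation described above, written out as an added Python example (this is not tomb's own code). It uses hashlib, which always ships sha1/sha256/sha512; whirlpool and tiger from the page's command-line example are only available through hashlib.new() when the underlying OpenSSL provides them, so the demo cascade uses sha1 and sha256. The data salt is 32 bytes as in the file-header table. Assumed, because the page does not say: key files are pre-hashed with the same cascade as passwords, and the PBKDF2 output length is 64 bytes (one SHA-512 block).

```python
import hashlib

# Values stated on the page.
PBKDF2_ITERATIONS = 32210
DEFAULT_HASHES = ("sha1",)          # --hash default
DEFAULT_MASTER_HASHES = ("sha512",) # master hash default
SALT_DATA_LEN = 32                  # bytes, from the header layout
DERIVED_KEY_LEN = 64                # assumption: one SHA-512 output


def cascade_hash(data: bytes, algorithms) -> bytes:
    """Hash `data` with the first algorithm, then feed each digest into the next.

    This is the page's cascade:  digest = h1(data); digest = h2(digest); ...
    `algorithms` are names accepted by hashlib.new() on this host.
    """
    digest = data
    for name in algorithms:
        digest = hashlib.new(name, digest).digest()
    return digest


def derive_master_password(passwords, keyfiles, salt_data: bytes,
                           hash_algos=DEFAULT_HASHES,
                           master_algos=DEFAULT_MASTER_HASHES,
                           iterations=PBKDF2_ITERATIONS,
                           dklen=DERIVED_KEY_LEN) -> bytes:
    """Steps 1-4 from the text, preceded by the 'pre' hashing of each input."""
    if len(salt_data) != SALT_DATA_LEN:
        raise ValueError(f"data salt must be {SALT_DATA_LEN} bytes")
    if not passwords and not keyfiles:
        raise ValueError("at least one password or key file is required")

    # 'Pre' password: every password (and, assumed here, every key file's
    # contents) goes through the password hash cascade.
    hashed = [cascade_hash(p, hash_algos) for p in passwords]
    hashed += [cascade_hash(k, hash_algos) for k in keyfiles]

    # Steps 1 and 2: password hashes first, then key-file hashes, one byte string.
    concatenated = b"".join(hashed)

    # Step 3: master hash through the master hash cascade.
    master_hash = cascade_hash(concatenated, master_algos)

    # Step 4: PBKDF2-HMAC-SHA512, 32210 iterations, salted with the data salt.
    return hashlib.pbkdf2_hmac("sha512", master_hash, salt_data, iterations, dklen)


if __name__ == "__main__":
    salt = bytes(range(32))  # constructed sample salt; tomb draws a random one
    key = derive_master_password([b"test"], [], salt, hash_algos=("sha1", "sha256"))
    print(key.hex())
```

Two things worth checking when reading the output: reordering the cascade (`sha256` before `sha1`) changes the master hash, and adding a key file or changing one salt byte changes the final key, so the salt and the hash order are part of what has to be recovered from the file header.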
Encrypted Header Password Derivation
IN PROGRESS
| Size (bytes) | Encryption Status | Description |
| --- | --- | --- |
| 5 | Unencrypted | Optional Magic Header (set to random by default) |
| 32 | Unencrypted | salt for encryption (master password) file encryption |
| 32 | Unencrypted | salt for encrypted header (algorithms) file encryption |
| 32 | Unencrypted | iv (initialization vector) for encrypted header |
| 32 | Unencrypted | iv for encrypted data |
| 8 | Unencrypted | reserved for future use (set to random value) |
| 2 | Encrypted | minimum version of Tomb needed to access file |
| 4 | Encrypted | size of encrypted file header |
| 4 | Encrypted | contains the ASCII text TRUE |
| 4 | Encrypted | CRC value of salt(s) and iv(s) |
| 1 | Encrypted | mode of operation used in encryption |
| 4 | Encrypted | number of hashes used for password creation |
| 16 | Encrypted | array of hashes used |
| 4 | Encrypted | number of hashes used for master password creation |
| 5 | Encrypted | array of master hashes used |
| 4 | Encrypted | number of ciphers used |
| 16 | Encrypted | array of ciphers used |