[<<<][^^^][>>>]


EBlob format

Eblob is an encrypted blob (binary large object, in the terms of databases), holding any kind of symmetrically encrypted data with the passphrase used to derive the key. It is used to secure configuration files, holding valuable private keys, allowing them to be transferred safely everywhere.

In fact it uses two factors for securing the data:

Whole security depends on the passphrase itself. Pay attention that this is not the password. Password is a short string of high entropy (highly random) characters, but passphrase is (very) long string of low-entropy characters. Low-entropy text is much more easier to remember, and its length provides pretty enough entropy as a result.

Password strengthening function is applied to that passphrase to mitigate brute-force and dictionary attacks on it. Here, Balloon memory-hard password hashing function is used, together with BLAKE2b-256 hash. It has proven memory-hardness properties, very easy to implement, resistant to cache attacks and seems more secure than Argon2 (Password Hashing Competition winner).

Eblob is an XDR-encoded structure:

+-------+------------------+------+
| MAGIC | S | T | P | SALT | BLOB |
+-------+------------------+------+
XDR typeValue
Magic number8-byte, fixed length opaque dataN N C P B 0x00 0x00 0x03
S, T, Punsigned integerSpace cost, time cost and parallel jobs number
Salt32 bytes, fixed length opaque dataRandomly generated salt
Blobvariable length opaque dataAuthenticated and Encrypted data itself
  1. generate the main key using balloon(BLAKE2b-256, S, T, P, salt, password)
  2. initialize BLAKE2Xb XOF with generated main key and 32-byte output length
  3. feed N N C P B 0x00 0x00 0x03 magic number to XOF
  4. read 32-bytes of blob AEAD encryption key
  5. encrypt and authenticate blob using ChaCha20-Poly1305. Blob is splitted on 128 KiB blocks. Each block is encrypted with increasing nonce counter. Eblob packet itself, with empty blob field, is fed as an additional authenticated data

[<<<][^^^][>>>]