Loading…

		

		
		
		
		
		

	
						
		
			

				
				

					
					
Encrypted Stream

				

				
				

					


	
Format of Encrypted Stream



	

	
		

			Encrypted stream is produced by a low-level cipher component, and serves as
			a basic block for higher-level data structures. For example, Kryptel container's
			directory is stored as an encrypted stream, and separate encrypted streams are
			used to store each file's data.
		


		

			Encrypted stream is a very primitive structure and contains no information
			about the used cipher or the cipher parameters. The higher-level component
			should set all the required cipher parameters before starting the encryption (decryption)
			job. However the way, in which the cipher converts a stream of unencrypted data
			to the encrypted form and vise versa, is the sole responsibility of the cipher
			component. Even if the format of the encrypted stream is cipher-specific, all
			Kryptel ciphers use the same format, with the exception of the null cipher,
			which simply copies the input stream to the output (the end-user Kryptel product
			does not allow selecting the null cipher for encryption).
		


		
Input Data


		

			Kryptel ciphers do not impose any limitation on the data format, or on the length
			of the input stream. Zero length input stream is allowed. Typically, the input
			stream is compressed data produced by a compressor component.
		


		
Stream Decoration


		
Header

	    
		

			First step is inserting a random sequence of bytes at the beginning of
			the stream. The purpose of the random header is to defend against known
			plaintext attack. The first byte contains the size of the header, and
			is followed by a random number of random bytes. Kryptel 6.x ciphers insert
			1 to 16 random bytes, that is, the header length will be from 2 to 17
			bytes. If the header size is divisible by the cipher block size, one
			more random byte is added.
		

	    
		

			For example, in case of Blowfish cipher, which has block size 8 bytes,
			header sizes 8 and 16 are not allowed – the decoration function
			will add one more random byte to make the header 9 or 17 bytes long
			correspondingly. Note that in the hypothetical case of a cipher with
			block size 17, the maximum size of the header will be 18 bytes.
		

	    
		

			Kryptel 5 used 2 to 33 bytes long headers without block size checking.
			The difference does not affect decryption because in all the versions
			the first byte contains the number of bytes to remove.
		

	    
		
Trailer

	    
		

			Second step is stream padding. The cipher pads the input stream with
			the trailing sequence to the cipher block boundary. If the input stream
			(including the header) already ends on the block boundary, blocksize
			trailing bytes will be added. The trailer is a simple sequence of numbers
			1,2,3, ... ,n, so that the last byte of the
			sequence contains the length of the trailing sequence.
		

	    
		
Decoration Example

	    
		

			If the cipher block size is 8 bytes (64 bits), then the string
			“O, mama mia” (length=11) may be padded as
		

	    
		

			05 28 6F 74 81 “O, mama mia” 01 02 03 04 05 06 07 08
		



		
Stream Encryption


		

			After the decoration step the length of the stream is a multiple of
			the cipher block size. The decorated stream is encrypted using
			the currently set key and the selected cipher parameters.
		



		
Stream Decryption


		

			The stream is decrypted; the first and the last bytes of the decrypted
			stream contain the number of bytes to be removed from the beginning
			and from the end of the stream respectively.