From 7ab034b680fea790592bf53d583e19dc9b12c766 Mon Sep 17 00:00:00 2001 From: RunasSudo Date: Sun, 26 May 2024 00:13:59 +1000 Subject: [PATCH] Correct documentation of AAD for file content encryption The documentation stated the chunk number is encoded as 32-bit integer. However, cryptolib FileContentCryptorImpl actually uses a 64-bit integer. This corrects the documentation to reflect cryptolib's actual behaviour. --- source/security/vault.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/security/vault.rst b/source/security/vault.rst index 13d42ec..85df094 100644 --- a/source/security/vault.rst +++ b/source/security/vault.rst @@ -49,7 +49,7 @@ The cleartext is broken down into multiple chunks, each up to 32 KiB + 28 bytes * up to 32 KiB encrypted payload using AES-GCM with the file content key, and * 16 bytes tag computed by GCM with the following AAD: - * chunk number as 32 bit big endian integer (to prevent undetected reordering), + * chunk number as 64 bit big endian integer (to prevent undetected reordering), * file header nonce (to bind this chunk to the file header), Afterwards, the encrypted chunks are joined preserving the order of the cleartext chunks.