Make a custom TLV/Bytes password file with an AEAD header for encryption. The header should be public, and the body, i.e. the passwords, should be private and encrypted with an AEAD header. The FEK will be wrapped with a KDF and KEK to allow transportation and storage in the OS keystore at rest. Here is the proposed structure:
Header
  MAGIC (4 bytes): PVLT
  version (u8)
  aead_alg (u8)
  seq (u64 BE)
  vault_id (16 bytes)
  nonce (12 bytes)
  KDF_PARAMS (32 bytes) // Argon2id parameters for password slot
  flags (u8) // bitmask
  [ TLVs ]

TLV: type(u8), len(u16 BE), value([len])
  types:
    0x01=KEK_LOCATOR, // OS keystore/device key locator
    0x02=WRAP, // One DEK-wrapping key slot
    0x7F=END (Not a TLV, sorry if the formatting of this message makes it look like it is)

KDF_PARAMS (32 bytes total):
  kdf_id (u8) // 0x01 = Argon2id
  kdf_slot_id (u8) // small ID for WRAP to reference
  salt (16 bytes)
  m_cost_kib (u32 BE) // Argon2 memory cost in KiB
  t_cost (u32 BE) // iterations
  parallelism (u32 BE) // lanes
  reserved (u16 BE) // 0x0000, for future use/padding

KEK_LOCATOR
  type = 0x01
  value:
    locator_id (u8) // small ID
    locator_len (u16 BE)
    locator ([locator_len])

WRAP
  type = 0x02
  value:
    slot_id (u8)
    source_kind (u8) // 0x01 = Passphrase, 0x02 = DeviceOsKey
    if source_kind == 0x02 (DeviceOSKey):
      locator_id (u8) // KEK_LOCATOR.locator_id
    wrap_nonce (N bytes) // N implied by aead_alg
    wrapped_dek_len (u16 BE)
    wrapped_dek_ct ([wrapped_dek_len])
    flags (u8)
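
A bounds-checked reader for the header proposed above, as an added example that is not the poster's code. Assumptions: the names `parse_header`, `parse_kek_locator`, `HeaderError` and `build_sample` are made up here, unknown TLV types are rejected, the exact bytes from MAGIC through END are returned so they could be fed to the AEAD as associated data, and every sample value is constructed.

```python
import struct

FIXED = struct.Struct(">4sBBQ16s12s32sB")  # MAGIC..flags = 75 bytes
KDF = struct.Struct(">BB16sIIIH")          # KDF_PARAMS = 32 bytes
T_KEK_LOCATOR, T_WRAP, T_END = 0x01, 0x02, 0x7F

class HeaderError(ValueError): pass        # any malformed or truncated header

def parse_header(buf: bytes) -> dict:
    if len(buf) < FIXED.size:
        raise HeaderError("truncated fixed header")
    magic, version, aead_alg, seq, vault_id, nonce, kdf_raw, flags = FIXED.unpack_from(buf)
    if magic != b"PVLT":
        raise HeaderError("bad magic")
    kdf_id, kdf_slot_id, salt, m_cost_kib, t_cost, lanes, reserved = KDF.unpack(kdf_raw)
    if kdf_id != 0x01 or reserved != 0:
        raise HeaderError("unsupported KDF_PARAMS")
    pos, tlvs = FIXED.size, []
    while True:
        if pos >= len(buf):
            raise HeaderError("missing END marker")
        tlv_type = buf[pos]
        if tlv_type == T_END:              # END is a bare byte, no len/value
            pos += 1
            break
        if tlv_type not in (T_KEK_LOCATOR, T_WRAP):  # assumption: strict reject
            raise HeaderError(f"unknown TLV type 0x{tlv_type:02x}")
        if pos + 3 > len(buf):
            raise HeaderError("truncated TLV header")
        (length,) = struct.unpack_from(">H", buf, pos + 1)
        end = pos + 3 + length
        if end > len(buf):                 # declared len runs past the input
            raise HeaderError("TLV length overruns buffer")
        tlvs.append((tlv_type, buf[pos + 3:end]))
        pos = end
    return {"version": version, "aead_alg": aead_alg, "seq": seq, "flags": flags,
            "kdf": (kdf_slot_id, salt, m_cost_kib, t_cost, lanes),
            "tlvs": tlvs, "raw_header": buf[:pos]}  # raw_header: candidate AAD

def parse_kek_locator(value: bytes) -> tuple:
    # locator_len (inner) must agree with the TLV len (outer)
    if len(value) < 3 or struct.unpack_from(">H", value, 1)[0] != len(value) - 3:
        raise HeaderError("KEK_LOCATOR length mismatch")
    return value[0], value[3:]

def build_sample() -> bytes:               # constructed header, all values made up
    kdf = KDF.pack(0x01, 1, bytes(16), 65536, 3, 4, 0)
    fixed = FIXED.pack(b"PVLT", 1, 1, 7, bytes(16), bytes(12), kdf, 0)
    loc = struct.pack(">BH", 1, 5) + b"key-1"
    return fixed + struct.pack(">BH", T_KEK_LOCATOR, len(loc)) + loc + bytes([T_END])
```
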