Skip to content
flow8

Encryption

Encryption Mechanics

Overview

flow8 automation framework utilizes the state of an art XSalsa20 stream cipher combined with the Poly1305 message authentication code (MAC) for secure encryption and data integrity. This document explains the encryption mechanics and how encryption is handled efficiently within the framework.

  • Security: Provides robust encryption and ensures data authenticity with minimal computational overhead.
  • Efficiency: Suitable for applications requiring high-speed encryption.
  • Unique Nonce: The use of a 192-bit nonce ensures no nonce reuse within practical conditions, preserving security.

Encryption

  1. Key Generation: A 256-bit symmetric key is generated or provided for both encryption and decryption. This key is used for XSalsa20 encryption.
  2. Nonce Creation: A unique 192-bit nonce is generated for every encryption operation to ensure that encryption results remain unique, even with the same key and plaintext.
  3. Encryption: The plaintext is encrypted using the XSalsa20 cipher along with the symmetric key and the nonce.
  4. Authentication: The Poly1305 MAC is computed based on the ciphertext and the nonce to guarantee data authenticity and integrity.
  5. Output: The final encrypted payload consists of the nonce, ciphertext, and Poly1305 MAC. This structure ensures that the data can be decrypted and verified appropriately.

Decryption

  1. Extract Components: The encrypted payload is split into the nonce, ciphertext, and MAC.
  2. Verify MAC: The Poly1305 MAC is recalculated for the received ciphertext and nonce. If the MACs mismatch, decryption is aborted since the data integrity cannot be guaranteed.
  3. Decrypt: If the MAC verification is successful, the ciphertext is decrypted back to plaintext using the key and nonce with the XSalsa20 cipher.

Applications

  1. Key Value Storage: key value storage is encrypted by default to ensure the security and integrity of sensitive data.