crypto2/README.md

# Crypto2

Kotlin Multiplatform cryptographic primitives using modern strong cryptography.

Cryptographic API works exactly the same and compiles to any platform supported listed below with no change in source code.

All primitives meant to send over the network or store are `kotlinx.serialization` compatible, serializers included.

# Important notes on upgrade

___Please upgrade to 0.7.1+___ as it has much more compact but not backward-compatible serialization format!

Since version __0.5.*__ key identity calculation for asymmetric keys is updated
to make it safer for theoretic future attack on blake2b hashing. Key.id values
are incompatible with older. Sorry for inconvenience.

# Usage

```kotlin
repositories {
  maven("https://gitea.sergeych.net/api/packages/SergeychWorks/maven")
}
dependencies {
  import("net.sergeych:crypto2:0.7.1-SNAPSHOT")  
}
```

# Documentation

Please see the current documentation [here](https://code.sergeych.net/docs/crypto2/).

# Supported platforms:

## Javascript

- All moder browsers, including mobile
- Node.js

## WasmJs

- All moder browsers, including mobile

## JVM

- Android
- Linux
- Windows
- MacOSX

## Native Apple platforms:

- IOS ARM64, X64, Simulator ARM64
- Macos ARM64, MacOS X64

## Native Windows

- Mingw X64

## Native Linux platforms

- Linux Arm64
- Linux X64

# Cryptographic primitives

## Diffie-Hellman safe key exchange

Using X25519 curves, it generates two symmetric keys with XSalsa20+Poly1305 for independent p2p ciphers and session token, same on both sides.

## Multi-signed container

A container with random binary or `kolinx.serialized` data, signed with one or more Ed25519 secret keys. Signatures could be added sequentially, each signature contains timestamp and the optional expiration. __Blake2b__ fast and strong hashing is used.

Signatures include public keys (as these are short for Ed25519) which can be used to easily identify the signing party.

## Multi-key encrypted contained.

The `koltlinx.serialized` message intended to be readable by owner of one of an arbitrary numbed of keys. Supports the following keys:
 
- __symmetric keys__ with XSalsa20+Poly1305
- Secret/Public keys Ed25519.
- password-derived keys (PBKDF generation parameters are stored in the container so the key could be derived from the password)

Once the container is decrypted with any of the intended keys, it could be re-encrypted with new data and/or new destination keys, keeping all existing keys events not having them. E.g., it allows "reply all" function even when not all recipients are known and even if the symmetric key cryptography is used. 

The proper keys are retrieved from the keyring (below) automatically.

## Keyring

Collection of various type keys:

- Signing/verifying Ed25519, 
- Secret decrypting and public encrypting 25519 
- symmetric XSalsa20
- session (pair of XSalsa20)

Keys could be associated with tags. Keyrings are used primarily to store keys in the encrypted containers (above) and to encrypt/decrypt it.

## Key derivation/password key derivation

Using very strong Argon_v2id, and adjustable complexity. Allows storing password key derivation parameters (included in the generated symmetric keys) to re-derive keys later, allows multiple keys derivation. All structures meant to be stored are serializable.

## Unified keys hierarchy

Allows the application code to use proper key abstraction and work with more key types in the future, e.g. `SigningKey`, `VerifyingKey`, `EncryptingKey` and `DecryptingKey`. Effective key generation and random byte sequence producers.

Secret key encryption and signing/verifying uses Edwards curves 25519 algorithms.


## Various tools

- Some Popular cryptographic hashes:
  - Blake2b
  - SHA3 256, 384, more are on the way.
- CRC-protected binary ID with magic numbers to implement human-friendly IDS with type checks

## Licensing

# Licensing

This is work in progress, not yet moved to public domain;
you need to obtain a license from https://8-rays.dev or [Sergey Chernov]. For open source projects it will most be free on some special terms.

It will be moved to open source; we also guarantee that it will be moved to open source immediately if the software export restrictions will be lifted. We do not support such practices here at 8-rays.dev and assume open source must be open.

[Sergey Chernov]: https://t.me/real_sergeych
version & readme 2024-07-24 22:35:26 +03:00			`# Crypto2`

			`Kotlin Multiplatform cryptographic primitives using modern strong cryptography.`

			`Cryptographic API works exactly the same and compiles to any platform supported listed below with no change in source code.`

			All primitives meant to send over the network or store are `kotlinx.serialization` compatible, serializers included.

0.5.3 incompatible but better asymmetric keys id (both encryption and signing) 2024-08-19 16:45:33 +02:00			`# Important notes on upgrade`

0.7.1 started. fixed secret key serialization excessive size for signing/verifying keys 2024-11-26 18:50:07 +07:00			`___Please upgrade to 0.7.1+___ as it has much more compact but not backward-compatible serialization format!`

0.5.3 incompatible but better asymmetric keys id (both encryption and signing) 2024-08-19 16:45:33 +02:00			`Since version __0.5.*__ key identity calculation for asymmetric keys is updated`
0.5.4: compound hash 2024-08-25 02:50:42 +02:00			`to make it safer for theoretic future attack on blake2b hashing. Key.id values`
0.5.3 incompatible but better asymmetric keys id (both encryption and signing) 2024-08-19 16:45:33 +02:00			`are incompatible with older. Sorry for inconvenience.`

use asByteArray _view_ where possible (optimization) 2024-08-19 11:58:52 +02:00			`# Usage`

			```kotlin
+autodocs 2024-08-25 02:28:11 +02:00			`repositories {`
			`maven("https://gitea.sergeych.net/api/packages/SergeychWorks/maven")`
			`}`
use asByteArray _view_ where possible (optimization) 2024-08-19 11:58:52 +02:00			`dependencies {`
0.7.1 started. fixed secret key serialization excessive size for signing/verifying keys 2024-11-26 18:50:07 +07:00			`import("net.sergeych:crypto2:0.7.1-SNAPSHOT")`
use asByteArray _view_ where possible (optimization) 2024-08-19 11:58:52 +02:00			`}`
			```

+autodocs 2024-08-25 02:28:11 +02:00			`# Documentation`

			`Please see the current documentation [here](https://code.sergeych.net/docs/crypto2/).`

version & readme 2024-07-24 22:35:26 +03:00			`# Supported platforms:`

			`## Javascript`

			`- All moder browsers, including mobile`
			`- Node.js`

Add wasmJs target 2025-02-02 21:31:53 +03:00			`## WasmJs`

			`- All moder browsers, including mobile`

version & readme 2024-07-24 22:35:26 +03:00			`## JVM`

			`- Android`
			`- Linux`
			`- Windows`
			`- MacOSX`

			`## Native Apple platforms:`

			`- IOS ARM64, X64, Simulator ARM64`
			`- Macos ARM64, MacOS X64`

			`## Native Windows`

			`- Mingw X64`

			`## Native Linux platforms`

			`- Linux Arm64`
			`- Linux X64`

			`# Cryptographic primitives`

			`## Diffie-Hellman safe key exchange`

0.5.4: compound hash 2024-08-25 02:50:42 +02:00			`Using X25519 curves, it generates two symmetric keys with XSalsa20+Poly1305 for independent p2p ciphers and session token, same on both sides.`
version & readme 2024-07-24 22:35:26 +03:00
			`## Multi-signed container`

			A container with random binary or `kolinx.serialized` data, signed with one or more Ed25519 secret keys. Signatures could be added sequentially, each signature contains timestamp and the optional expiration. __Blake2b__ fast and strong hashing is used.

0.5.4: compound hash 2024-08-25 02:50:42 +02:00			`Signatures include public keys (as these are short for Ed25519) which can be used to easily identify the signing party.`
version & readme 2024-07-24 22:35:26 +03:00
			`## Multi-key encrypted contained.`

			The `koltlinx.serialized` message intended to be readable by owner of one of an arbitrary numbed of keys. Supports the following keys:

			`- __symmetric keys__ with XSalsa20+Poly1305`
			`- Secret/Public keys Ed25519.`
			`- password-derived keys (PBKDF generation parameters are stored in the container so the key could be derived from the password)`

0.5.4: compound hash 2024-08-25 02:50:42 +02:00			`Once the container is decrypted with any of the intended keys, it could be re-encrypted with new data and/or new destination keys, keeping all existing keys events not having them. E.g., it allows "reply all" function even when not all recipients are known and even if the symmetric key cryptography is used.`
version & readme 2024-07-24 22:35:26 +03:00
0.5.4: compound hash 2024-08-25 02:50:42 +02:00			`The proper keys are retrieved from the keyring (below) automatically.`
version & readme 2024-07-24 22:35:26 +03:00
			`## Keyring`

			`Collection of various type keys:`

			`- Signing/verifying Ed25519,`
			`- Secret decrypting and public encrypting 25519`
			`- symmetric XSalsa20`
			`- session (pair of XSalsa20)`

			`Keys could be associated with tags. Keyrings are used primarily to store keys in the encrypted containers (above) and to encrypt/decrypt it.`

			`## Key derivation/password key derivation`

			`Using very strong Argon_v2id, and adjustable complexity. Allows storing password key derivation parameters (included in the generated symmetric keys) to re-derive keys later, allows multiple keys derivation. All structures meant to be stored are serializable.`

			`## Unified keys hierarchy`

			Allows the application code to use proper key abstraction and work with more key types in the future, e.g. `SigningKey`, `VerifyingKey`, `EncryptingKey` and `DecryptingKey`. Effective key generation and random byte sequence producers.

			`Secret key encryption and signing/verifying uses Edwards curves 25519 algorithms.`


			`## Various tools`

			`- Some Popular cryptographic hashes:`
			`- Blake2b`
			`- SHA3 256, 384, more are on the way.`
			`- CRC-protected binary ID with magic numbers to implement human-friendly IDS with type checks`

added copyright, license mention and other #10x2linus stuff. 2025-02-20 12:21:42 +03:00			`## Licensing`
version & readme 2024-07-24 22:35:26 +03:00
added copyright, license mention and other #10x2linus stuff. 2025-02-20 12:21:42 +03:00			`# Licensing`

			`This is work in progress, not yet moved to public domain;`
			`you need to obtain a license from https://8-rays.dev or [Sergey Chernov]. For open source projects it will most be free on some special terms.`

			`It will be moved to open source; we also guarantee that it will be moved to open source immediately if the software export restrictions will be lifted. We do not support such practices here at 8-rays.dev and assume open source must be open.`

			`[Sergey Chernov]: https://t.me/real_sergeych`