Expand description
Password-wrap blob: AES-256-GCM wrapped master key under Argon2id-derived KEK.
Binary format:
Version byte (1 byte): 0x01
Nonce (12 bytes): random
Ciphertext + GCM tag (48 bytes): AES-256-GCM(Argon2id(password, salt), master_key)Total: 61 bytes.
The KEK is Argon2id(password, salt) — the same KDF used previously to
derive the master key directly. In multi-factor mode, however, the master
key is random (getrandom(32)) and the Argon2id output wraps it rather
than being it.
Structs§
- Password
Wrap Blob - Parsed password-wrap blob.
Constants§
- PASSWORD_
WRAP_ VERSION - Version of the password-wrap blob format.