v0.6.0

[covert-encryption]

It has been a few weeks since our last release but despite the holiday season we have been working and are proud to publish another big "minor" update in the form of 0.6 (with further patch releases expected in rapid succession). This is a breaking change for everything related to public keys.

This release implements Dirty Elligator 2, which is a system of ephemeral key creation and hiding. Covert had previously implemented the Elligator 2 algorithm in an effort to avoid any distinguishability from random data. Well, it turned out to be trickier than expected, as there still was a leakage of 3 bits in the form of Elliptic Curve subgroup selection. Actually, anyone who cares for that much technical detail should check out the issue and PR related to that, as there is plenty of highly educational discussion there. It should be noted that 0.6.0 uses our custom Python implementation of Ed25519 due to libsodium's shortcomings but that we are already working on making it instead use the excellent Monocypher library for such calculations (obviously also for better security).

Signatures have also been finally implemented using Signal's XEdDSA protocol (like Dirty Elligator, for now implemented in plain Python in the covert.elliptic submodule). This enables all types of 25519 keys to be used for both signing and encryption.

Other than cryptography, the GUI has also been largely rewritten, although bugs are still to be expected and will be fixed in shortly upcoming patch releases. The rewrite adds further functionality than before but more importantly makes future development much easier.

CLI has gained a new feature that had been requested by a couple of users: editing of files without extracting the plain text in between. This can be useful for keeping notes in an encrypted archive without ever exposing the contents to the hard drive. Use covert edit to edit any password-encrypted archive.

Automated testing and coverage CI has been in use for about a month now and we are steadily increasing coverage and making Covert more reliable by thoroughly testing all code.

What's Changed

• Changes for armor_max_size and tty_max_size. by @rocketdey in Changes for armor_max_size and tty_max_size. #59
• Minor cleanup of CLI main by @covert-encryption in Minor cleanup of CLI main #62
• Dirty Elligator for better hiding of the ephemeral key by @covert-encryption in Dirty Elligator for better hiding of the ephemeral key #61
• Improve CLI error messages and testing by @covert-encryption in Improve CLI error messages and testing #64
• Support editing archives, keeping encrypted notes by @covert-encryption in Support editing archives, keeping encrypted notes #65
• Added tests to test_cli by @rocketdey in Added tests to test_cli #69
• GUI improvements by @covert-encryption in GUI improvements #68

Full Changelog: v0.5.4...v0.6.0

A special THANK YOU

The Monocypher author @LoupVaillant reported elligator's dirty secret to us and has been far more than just helpful in getting the issue fixed and the fix thoroughly reviewed, and has given valuable feedback on signatures and other design details as well. We salute you!

It is no small feat that he apparently wrote the first and only implementation of what we have now dubbed the Dirty Elligator 2, using bits and pieces of information that hardly anyone in the world knows, filling in the blanks himself. Yes, the theory of Ed25519 was well known, and the Elligator 2 paper is known by people familiar with cryptography but the devil is in those dirty details!

---

This discussion was created from the release v0.6.0.