File Format#

Encrypted file is a bencoded dictionary with the following keys:

key

value

description

_a

β€œsfenc”

Header

_v

1 or 2

Container version

salt

16 random bytes

Password salt. Unset if encrypted with a key

ops

integer

Argon2id opslimit. Unset if encrypted with a key (v2 only)

mem

integer

Argon2id memlimit. Unset if encrypted with a key (v2 only)

nonce

24 random bytes

Xsalsa20 nonce

payload

long binary string

Xsalsa20 + Poly1305 encrypted payload

The file is guaranteed to start with d2:_a5:sfenc2:_v

V1 and V2 differences:

  • V2 uses Argon2id, V1 uses Argon2i

  • V2 uses ops and mem form the container, V1 always uses SENSITIVE (ops=4, mem=1_073_741_824, hardcoded since 1.1)

  • V1 and V2 are equal when encrypting with a key except for the version header

V1 was used during early development. If you somehow used my dev version, you can still decode your files but it may break if libsodium changes the constants.