version 1 (revision 1)
An Oboron format represents the full transformation of the plaintext to the encrypted text (obtext), including:
Formats combine a scheme (cryptographic algorithm) with an encoding (string representation):
aasv)
c32)
aasv.c32)
Given an encryption key, the format thus uniquely specifies the complete transformation from a plaintext string to an encoded obtext string.
Formats are represented by identifiers:
ob:{scheme}.{encoding}, (URI-like syntax, e.g., ob:aasv.c32),
{scheme}.{encoding}, when the context is clear
API Notes:
ob: namespace prefix is NOT
used in the oboron API. Formats
like aasv.c32 MUST be used
directly.
enc/dec names for
methods and functions. The enc
operation comprises the full process, including
the encryption and encoding stages.
b32 - standard base32:
Balanced compactness and readability, uppercase alphanumeric (RFC 4648 Section 6)
c32 - Crockford base32:
Balanced compactness and readability, lowercase alphanumeric; designed to avoid accidental obscenity
b64 - standard URL-safe base64:
Most compact, case-sensitive, includes - and _ characters (RFC 4648 Section 5)
hex - hexadecimal:
Slightly faster performance (~2-3%), longest output
FAQ: Why use Crockford's base32 instead of the RFC standard one?
Crockford's base32 alphabet minimizes the probability of accidental obscenity words, which is important when using with short prefixes: Whereas accidental obscenity is not an issue when working with full encrypted outputs (as any such words would be buried as substrings of a 28+ character long obtext), it may become a concern when using short prefixes as references or quasi-hash identifiers.
Schemes define the encryption algorithm and its properties, classified into tiers:
a-tier - Authenticated
ob:aasv,
ob:aags,
ob:apsv,
ob:apgs
a-tier schemes for security-critical applications
u-tier - Unauthenticated
ob:upbcz-tier - Obfuscation tier
ob:zrbcx - deterministic obfuscation with constant IVThe second letter of the scheme ID further describes the properties of the scheme:
.a.. - avalanche, deterministic
ob:aasv,
ob:aags
.p.. - probabilistic
ob:apsv,
ob:apgs,
ob:upbc
The remaining two letters in scheme IDs indicate the algorithm:
gs = AES-GCM-SIVsv = AES-SIVbc = AES-CBC| Scheme | Algorithm | Deterministic? | Authenticated? | Notes |
|---|---|---|---|---|
ob:aasv |
AES-SIV | Yes | Yes | General purpose, deterministic |
ob:aags |
AES-GCM-SIV | Yes | Yes | Deterministic alternative |
ob:apsv |
AES-SIV | No | Yes | Maximum privacy protection |
ob:apgs |
AES-GCM-SIV | No | Yes | Probabilistic alternative |
ob:upbc |
AES-CBC | No | No | Unauthenticated - use with caution |
Key Concepts:
ob:aasv:
General-purpose secure encryption with deterministic output and compact size
ob:apsv:
Maximum privacy with probabilistic output (larger size due to nonce)
ob:upbc:
Only when integrity is handled externally
Note on encryption strength: All
a-tier andu-tier schemes MUST use 256-bit AES encryption. Thez-tier uses 128-bit AES for performance in non-security contexts.
Oboron combines encryption and encoding in a single operation, requiring specific terminology:
enc operation (encryption + encoding),
distinct from cryptographic ciphertext
The cryptographic ciphertext (bytes, not string) is an internal implementation detail, NOT exposed in the public API.
The high-level process flow is:
enc operation:
[plaintext] (string)
-> encryption
-> [ciphertext] (bytes)
-> encoding
-> [obtext] (string)
dec operation:
[obtext] (string)
-> decoding
-> [ciphertext] (bytes)
-> decryption
-> [plaintext] (string)
The above diagram is conceptual; actual
implementation includes scheme-specific steps like
scheme byte appending and (for z-tier
schemes only) optional ciphertext prefix
restructuring. With this middle-step included, the
diagram becomes:
enc operation:
[plaintext]
-> encryption
-> [ciphertext]
-> oboron pack
-> [payload]
-> encoding
-> [obtext]
dec operation:
[obtext]
-> decoding
-> [payload]
-> oboron unpack
-> [ciphertext]
-> decryption
-> [plaintext]
In a-tier and u-tier
schemes, the difference between the payload and
the ciphertext is in the 2-byte scheme marker that
is appended to the ciphertext, enabling scheme
autodetection in decoding.
Oboron's CBC schemes use a custom padding scheme optimized for UTF-8 strings:
Rationale: Oboron is defined to
operate exclusively on UTF-8 strings, not
arbitrary binary data. This is a protocol-level
requirement: all enc operations MUST
accept a UTF-8 string input and all
dec operations MUST return a UTF-8
string. The 0x01 padding byte can never appear in
valid UTF-8 input, ensuring unambiguous decoding.
Under the UTF-8 input constraint, this padding is
functionally equivalent to PKCS#7 and does not
weaken security. Implementations MUST enforce the
UTF-8 constraint, eliminating padding ambiguity
errors at runtime.
Oboron uses a single 512-bit master key partitioned into algorithm-specific subkeys:
ob:aags, ob:apgs:
use the first 32 bytes (256 bits) for AES-GCM-SIV key
ob:aasv, ob:apsv:
use the full 64 bytes (512 bits) for AES-SIV key
ob:upbc:
uses the last 32 bytes (256 bits) for AES-CBC key
Design Rationale: This approach prioritizes low latency for short-string encryption. No hash-based KDF (e.g., HKDF) is used, as this would dominate runtime for intended workloads.
The master key MUST NOT leave the application. Algorithm-specific keys MUST be extracted on-the-fly and MUST NOT be cached or stored.
FAQ: Why use a single key across all schemes?
- Simplifies deployment: Store one key instead of multiple
- Reduces errors: No risk of mismatching keys to algorithms
The default key input format is base64. This is consistent with Oboron's strings-first API design. As any production use will typically read the key from an environment variable, this allows the string format to be directly fed into the constructor.
The base64 format was chosen for its compactness, as an 86-character base64 key is easier to handle manually (in secrets or environment variables management UI) than a 128-character hex key.
While any 512-bit key is accepted by Oboron, the keys generated by Oboron's key generation utilities MUST NOT include any dashes or underscores, in order to ensure the keys are double-click selectable, and to avoid any human visual parsing confusion due to underscores.
Important technical detail: Not every 86-character base64 string is a valid 512-bit key. Since 512 bits requires 85.3 bytes when base64-encoded, the final character is constrained by padding requirements. When generating keys, implementations MUST use one of the following methods:
Implementations SHOULD support the following key input formats in addition to the default base64 format:
All Oboron implementations MUST provide the following abstract interface.
enc(plaintext: string) → obtext:
string — Encrypts and encodes
the plaintext using the configured format;
returns an obtext stringdec(obtext: string) → plaintext:
string — Decodes and decrypts
the obtext; returns the original
plaintextautodec(obtext: string) →
plaintext: string — Decodes
obtext in any supported format encrypted with
the same key, without needing to know the
format in advanceA codec MUST be constructible from a key and a format specifier. Implementations MUST support construction from a base64 key string (primary interface), as well as from a hex key string or raw key bytes.
Rust:
use oboron::AasvC32;
let ob = AasvC32::new(
&env::var("OBORON_KEY")?
)?;Python:
from oboron import AasvC32
import os
ob = AasvC32(os.getenv("OBORON_KEY"))All implementations MUST provide a key generation utility that produces a valid 512-bit key encoded as a base64 string (86 characters, URL-safe alphabet, no padding characters).
Rust:
let key = oboron::generate_key();cargo run --bin keygenPython:
key = oboron.generate_key()python -m oboron.keygenOboron implementations MUST maintain full cross-language compatibility:
All implementations MUST pass the common test vectors.