Previously, tkn20 ciphertext was encoding the ciphertext header C1, the envelope env (containing inner ciphertext), and macData using 16-bit prefixes, which caused a limitation on the maximum size allowed for encrypting plaintexts.
With this change, the encoding now uses 32-bit prefixes for these three elements allowing to encrypt plaintexts longer than 2^16 bytes. So, ciphertexts produced by tkn20 package are now 12 bytes longer.
Changes are backwards compatible, meaning that ciphertexts in the previous format are still decryptable. The following functions are backwards-compatible:
AttributeKey.Decrypt
Attributes.CouldDecrypt
Policy.ExtractFromCiphertext
Note: Since the format of ciphertexts is changed, we need to release a version, once this gets merged.
Serializing ciphertext with 32-bit prefixes.
Previously, tkn20 ciphertext was encoding the ciphertext header
C1
, the envelopeenv
(containing inner ciphertext), andmacData
using 16-bit prefixes, which caused a limitation on the maximum size allowed for encrypting plaintexts.With this change, the encoding now uses 32-bit prefixes for these three elements allowing to encrypt plaintexts longer than 2^16 bytes. So, ciphertexts produced by tkn20 package are now 12 bytes longer.
Changes are backwards compatible, meaning that ciphertexts in the previous format are still decryptable. The following functions are backwards-compatible:
Note: Since the format of ciphertexts is changed, we need to release a version, once this gets merged.
Fixes #484