I was wondering if, in ordinary operation, the 32k file chunks’ HMACs are verified during decryption
Using the excellent architecture document, I’ve written a C# program to decrypt a Cryptomator file. Though the decryption works fine, I can’t get the chunk HMACs to match the expected values. The code looks like this:
bchMac.Init(new KeyParameter(hmackey)); var bcHash = new byte[bchMac.GetMacSize()]; bchMac.BlockUpdate(headerNonce, 0, headerNonce.Length); // 16 bytes bchMac.BlockUpdate(beBlockNum, 0, beBlockNum.Length); // 8 big-endian bchMac.BlockUpdate(chunkNonce, 0, chunkNonce.Length); // 32 bytes bchMac.BlockUpdate(chunkpayload, 0, chunkpayload.Length); // 32768 bchMac.DoFinal(bcHash, 0);
Resulting hash does not does not match the last 32 bytes of the file content chunk where the expected mac value is supposed to be. But again, the decrypted file is perfect.
Thanks for any insight.