RemoteBox
The RemoteBox is the place where we store encrypted files. It’s a Telegram channel that has the BoxSalt, encoded with URL-safe Base64, in its description. By default, all channels created through the API will have the f"TGBOX[{VERBYTE.hex()}]: " prefix in their name.
RemoteBox file
The EncryptedRemoteBoxFile has its own metadata. As of version 1, the schema looks as follows:
To decrypt a file’s attributes, we need to go through the following steps:
1. Sum the lengths of PREFIX, VERBYTE and METADATA_SIZE (10 by default); get a fixed_bytes_size
2. Download the fixed bytes: from=0, to=fixed_bytes_size; get a PREFIX, VERBYTE and METADATA_SIZE
3. Convert METADATA_SIZE to int and verify that METADATA_SIZE <= defaults.Limits.METADATA_MAX
4. Download the metadata: from=fixed_bytes_size, to=METADATA_SIZE; receive a metadata
5. Unpack metadata with tools.PackedAttributes.unpack(metadata); receive a metadata_dict
6. If BaseKey isn’t present, take the user’s password/phrase and call keys.make_basekey(phrase)
7. If MainKey isn’t present, take the user’s basekey and call keys.make_mainkey(basekey, metadata_dict['box_salt'])
8. If FileKey isn’t present, take the user’s mainkey and call keys.make_filekey(mainkey, metadata_dict['file_salt'])
9. Decrypt metadata_dict['secret_metadata'] with the user’s filekey
10. Unpack secret_metadata with tools.PackedAttributes.unpack(secret_metadata)
11. If MainKey was present, decrypt secret_metadata['efile_path']; get a file_path
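An added example, not part of tgbox itself, of steps 1 to 4: reading the fixed bytes and checking METADATA_SIZE before any metadata is downloaded. The PREFIX value, field widths, byte order, limit value and the fetch(offset, length) helper are assumptions, and step 4's range is read here as METADATA_SIZE bytes starting at fixed_bytes_size.

```python
# Added example: PREFIX value, field widths, byte order and the limit are
# assumptions chosen so the fixed part is 10 bytes, as the page states;
# they are not taken from the tgbox source.
PREFIX = b"\x00TGBOX"          # assumed 6-byte marker
VERBYTE_LEN = 1                # assumed width of VERBYTE
SIZE_LEN = 3                   # assumed width of METADATA_SIZE
METADATA_MAX = 1_000_000       # stand-in for defaults.Limits.METADATA_MAX
FIXED_BYTES_SIZE = len(PREFIX) + VERBYTE_LEN + SIZE_LEN   # step 1


class MetadataError(ValueError):
    """Raised when the remote file's header cannot be trusted."""


def parse_fixed_header(fixed: bytes) -> tuple[bytes, int]:
    """Steps 2-3: split the fixed bytes and validate METADATA_SIZE."""
    if len(fixed) != FIXED_BYTES_SIZE:
        raise MetadataError("short read on fixed header")
    prefix = fixed[:len(PREFIX)]
    verbyte = fixed[len(PREFIX):len(PREFIX) + VERBYTE_LEN]
    size = int.from_bytes(fixed[-SIZE_LEN:], "big")
    if prefix != PREFIX:
        raise MetadataError("not a RemoteBox file (bad PREFIX)")
    # The size comes from the remote side, so check it before downloading.
    if not 0 < size <= METADATA_MAX:
        raise MetadataError(f"METADATA_SIZE {size} outside allowed range")
    return verbyte, size


def read_metadata(fetch) -> tuple[bytes, bytes]:
    """Steps 2-4. fetch(offset, length) is a hypothetical ranged download."""
    verbyte, size = parse_fixed_header(fetch(0, FIXED_BYTES_SIZE))
    metadata = fetch(FIXED_BYTES_SIZE, size)
    if len(metadata) != size:
        raise MetadataError("file is shorter than its declared metadata")
    return verbyte, metadata


def make_fetch(blob: bytes):
    """Serve ranged reads from an in-memory blob (constructed test input)."""
    return lambda offset, length: blob[offset:offset + length]


# Constructed sample: header + 5 bytes of opaque metadata + ciphertext.
SAMPLE = PREFIX + b"\x01" + (5).to_bytes(SIZE_LEN, "big") + b"PACKD" + b"<ciphertext>"
# Same header, but declaring more metadata than the limit allows.
OVERSIZED = PREFIX + b"\x01" + (METADATA_MAX + 1).to_bytes(SIZE_LEN, "big")
```

The bytes returned by read_metadata are what step 5 would hand to tools.PackedAttributes.unpack.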
Note
- Unpacked metadata is a {'box_salt': ..., 'file_salt': ..., 'file_fingerprint': ..., 'secret_metadata': ...};
- file_fingerprint is a hash of the file_path plus MainKey, not a hash of the file;
- We need to decrypt secret_metadata with the FileKey and unpack it to access the attributes;
- We always encrypt the efile_path attribute with the MainKey;
- The maximum byte size of metadata is defined in the defaults.Limits.METADATA_MAX variable;
- The RemoteBox Telegram channel doesn’t store any sensitive information. You can leave it public if you want, but beware: if you’re using a weak or predictable password, you can still be brute-forced;
- RemoteBox stores all the information that LocalBox stores.