ENDY 1.0 is a C++ command-line utility designed to demonstrate the fundamental architecture of a symmetric encryption system. It implements a complete cryptographic pipeline including salt generation, password-based key derivation (PBKDF2-inspired), XOR stream encryption, and message integrity verification (MAC).
This project is strictly for educational purposes to illustrate cryptographic concepts without relying on external libraries such as OpenSSL.
The following screenshots show a sample testcase for both Encryption and Decryption:
Proper encryption and decryption:
Using wrong password for decryption:
Tampering encrypted text to interfere with MAC hence losing integrity and failing:
The following diagrams illustrate the data flow for the encryption and decryption processes, detailing how the password and salt are transformed into the final encrypted payload and reversed.
Encryption:
Decryption:
The output format is a Fixed-Width string containing all metadata required for decryption. It does not use delimiters; instead, it relies on strict character counts for parsing.
classDiagram
class Payload {
+String Version (5 chars)
+Hex Salt (32 chars)
+Hex Iterations (8 chars)
+Hex MAC (16 chars)
+Hex Ciphertext (Variable)
}
note for Payload "Format: [VERSION][SALT][ITERATIONS][MAC][CIPHERTEXT]"
| Component | Length(Chars) | Type | Description |
|---|---|---|---|
| Version | 5 | String | Protocol identifier fixed as "ENDY1" |
| Salt | 32 | Hex String | 16 bytes of random entropy (hex encoded) |
| Iterations | 8 | Hex String | Key derivation work factor (padded hex) |
| MAC | 16 | Hex String | 64-bit Integrity signature (truncated hash) |
| Ciphertext | Variable | Hex String | Encrypted message data (rest of string) |
- Zero Dependencies: Uses only the C++17 standard library.
- Fixed-Width Protocol: Clean, professional output format without delimiters.
- Unique Salting: Random std::random_device salt per encryption.
- Key Stretching: Iterative hashing to resist brute-force attacks.
- Integrity Verification: Encrypt-then-MAC ensures tamper resistance.
- Versioned output format for forward compatibility
- C++ compiler supporting C++17
- Optional build tools such as Make
g++ -std=c++17 -o endy endy.cpp./endyEncrypted output example:
ENDY18fb959ea0198df83f5f92ba95187b3c90000271000000000a59860aaf4fc565c4dc17cfa6c92f901
The password is never used directly as an encryption key.
Input:
- User password
- Random salt
Process:
- Password and salt are hashed 10000 times using std::hash
- The final hash seeds std::mt19937 to generate a deterministic key stream
Output:
- Key stream matching the plaintext length
Encryption: Ciphertext[i] = [ Plaintext[i] ] XOR [ Key[i] ]
Decryption: Plaintext[i] = [ ciphertext[i] ] XOR [ Key[i] ]
The same operation is used for encryption and decryption.
A message authentication code is generated after encryption.
Formula: MAC = Hash(Ciphertext concatenated with DerivedKey)
During decryption, the MAC is recomputed. If the values do not match, decryption is aborted immediately.
This software uses std::hash and std::mt19937 which are not cryptographically secure primitives. It is intended strictly for educational use and must not be used to protect sensitive data.