
Cryptographic Algorithms used in Gankpo

Modern, standardized cryptographic building blocks aligned with ANSSI recommendations

Gankpo relies exclusively on modern, standardized cryptographic building blocks aligned with ANSSI recommendations and industrial standards. The core implementation relies on the following algorithms:

1. Hashing (Hash)

Primary: BLAKE3
  • Calculation of payload fingerprint (file content)
  • Calculation of header checksum
  • Nonce derivation in certain flows
  • Support for fast file comparison and internal integrity

Rust Library: blake3

Secondary: SHA-256
  • Used notably for SPKI pinning in PKI (pin_sha256)
  • Support for X.509 certificates and certain external integrations

Rust Library: sha2

2. Digital Signature

Primary: Ed25519 (modern elliptic curve)

Signature of the full GKP:

header || metadata || encrypted_payload || payload_hash

Public Key: 32 bytes
Signature: 64 bytes

Rust Library: ed25519-dalek

Guarantees the authenticity of the electronic original and the identity of the signer

3. AEAD Encryption (Authenticated Encryption with Associated Data)

Recommended: AES-256-GCM

Payload encryption (file content)

Nonce: 96 bits (12 bytes)
Key: 256 bits (32 bytes)
AAD: header + metadata

Benefits from hardware support (AES-NI) on many platforms

Rust Library: aes-gcm

Alternative: ChaCha20-Poly1305

Modern alternative to AES-256-GCM

Nonce: 96 bits (12 bytes)
Key: 256 bits (32 bytes)

Particularly suitable for environments without AES acceleration

Rust Library: chacha20poly1305

4. Key Derivation (KDF)

Master Key: Argon2id

Master derivation from a password

Parameters: m=256MiB, t=3, p=1, v=0x13
Salt: 32 bytes
Output: 32 bytes (master_key)

Resistant to GPU/ASIC attacks (OWASP compliant)

Rust Library: argon2

Content Key: HKDF

Content key derivation

Input: master_key (Argon2id)
Salt: salt_kdf (32 bytes)
Info: "GKP content v2.1"
Output: 32 bytes (content_key)

Rust Library: hkdf
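
The content-key step above, written out as an added Python example (not Gankpo's code, which uses the Rust hkdf crate): HKDF per RFC 5869 with the page's info string and lengths. HMAC-SHA-256 as the underlying hash is an assumption, since the page does not name it; the function names and sample bytes are constructed for illustration.

```python
import hashlib
import hmac

HASH = hashlib.sha256          # assumption: the page does not name HKDF's hash
INFO = b"GKP content v2.1"     # info string given on the page
KEY_LEN = 32                   # content_key length given on the page


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 step 1: PRK = HMAC-Hash(salt, IKM)."""
    if not salt:
        salt = bytes(HASH().digest_size)  # RFC default: HashLen zero bytes
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 step 2: T(i) = HMAC-Hash(PRK, T(i-1) || info || i)."""
    hash_len = HASH().digest_size
    if length > 255 * hash_len:
        raise ValueError("requested output too long for HKDF")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_content_key(master_key: bytes, salt_kdf: bytes,
                       info: bytes = INFO) -> bytes:
    """master_key (Argon2id output) + salt_kdf -> 32-byte content_key."""
    if len(master_key) != 32 or len(salt_kdf) != 32:
        raise ValueError("master_key and salt_kdf must both be 32 bytes")
    return hkdf_expand(hkdf_extract(salt_kdf, master_key), info, KEY_LEN)


if __name__ == "__main__":
    # Constructed sample values; a real master_key comes from Argon2id.
    master_key = bytes(range(32))
    salt_kdf = bytes(range(32, 64))
    print(derive_content_key(master_key, salt_kdf).hex())
```

Changing only the info string or only salt_kdf yields an unrelated key, which is what lets one master key serve several purposes without key reuse.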

5. Encoding / Serialization

Standard: Canonical CBOR (RFC 8949 §4.2)

Serialization of GKP metadata

  • Strict lexicographical sorting of keys
  • Minimal encoding, strict UTF-8
  • Allows a stable and verifiable representation of metadata

Rust Libraries: ciborium, serde_cbor

6. Integrity Verification

Complementary: CRC32

  • Fast corruption detection on certain structures
  • Used in addition to BLAKE3 for header checksum
  • Lightweight and fast checks

CRC32 offers basic and ultra-fast corruption detection, while BLAKE3 ensures strong cryptographic verification.

7. PKI & Timestamping

Standard: X.509
  • PKI certificate management, certificate chains
  • OCSP/CRL validation
  • Extended Key Usage (EKU) adapted for document signing

Rust Libraries: x509-parser, der-parser

Timestamping: RFC 3161 - TSA

Time Stamping Authority

  • TSA token encoded in DER
  • Timestamping of the BLAKE3 hash of the payload
  • Proves that at a given time, the file possessed this fingerprint

Guarantees the creation or signature date of the document

Summary by function

Function | Main algorithm | Alternative
Hashing | BLAKE3 | SHA-256
Signature | Ed25519 | -
AEAD Encryption | AES-256-GCM | ChaCha20-Poly1305
KDF (password) | Argon2id | -
KDF (content) | HKDF | -
Serialization | Canonical CBOR | -
PKI / Certificates | X.509 | -

Design Choices

Why these algorithms?

BLAKE3

Faster than SHA-256, parallelizable, modern security

Ed25519

Fast signatures, short keys (32 bytes), widely audited

AES-256-GCM / ChaCha20-Poly1305

Modern AEAD standards, with hardware support or optimized implementations

Argon2id

Recommended by OWASP for password derivation, resistant to GPU/ASIC attacks

HKDF

Safe derivation of multiple keys from a single master key

Compliance and Best Practices

All algorithmic choices are aligned with ANSSI recommendations and international best practices for document proof and signature systems.
