Still trying to design a fully binary cryptography container format for my mobile app, I am here asking if the container is ever relevant.
Thanks to Apple, I cannot use GPG directly because I can neither call GPG through GPGME (fork(2) is not allowed) nor embed it (license conflicts).
The container format is a simple ar(1) format that stores its contents in plaintext, probably then compressed with some algorithm like Gzip. I am wondering if the container format affects the security of the already encrypted data, the MAC and IV that are held as separate entities within.
The plan is to use AES-CTR (or AES-CFB, or AES-OFB, or my homebrew cipher SHA512-HMAC-OFB which turned out to be just as fast as AES thanks to its larger block size) to encrypt the data and put it in the archive file (data.obj in the archive), its initialization vector in plain (iv.bin), asymmetrically encrypted symmetric key (key.bin, if relevant), the SHA512-HMAC of the archive in "check archive" form that is described below (mac.bin) and some metadata (algorithms used, compression of plaintext used, probably a user supplied tag in plain text) in plain (info.json).
EDIT

ar(1) format stores file name (up to 16 characters), owner UID/GID, modification time, file mode (permissions) in its file header.
MAC (or signature) is calculated on a "check archive": every entity except the MAC (or signature) itself is in the check archive, which is also in ar(1) format, sorted in binary order based on their file names, retaining all their properties (name, owner, modification date and file mode).
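
The "check archive" MAC described in the question, as an added example that is not the poster's code: every member except mac.bin is serialized with its full ar(1) header in byte-sorted name order and authenticated with HMAC-SHA512, so a change to any header field or to iv.bin fails verification. Assumptions: names are space-padded in the 16-byte field, the MAC key is supplied separately, and `Member`, `check_archive`, `compute_mac` and `verify` are hypothetical names.

```python
import hashlib
import hmac
from dataclasses import dataclass

AR_MAGIC = b"!<arch>\n"
MAC_NAME = "mac.bin"  # member holding the MAC, as named in the post

@dataclass(frozen=True)
class Member:  # hypothetical in-memory form of one ar(1) entry
    name: str
    data: bytes
    mtime: int = 0
    uid: int = 0
    gid: int = 0
    mode: int = 0o100644

def header(m: Member) -> bytes:
    """60-byte ar header: name, mtime, uid, gid, octal mode, size, end marker."""
    name = m.name.encode("ascii")
    if not 0 < len(name) <= 16 or b" " in name:
        raise ValueError(f"invalid ar member name: {m.name!r}")
    h = b"%-16s%-12d%-6d%-6d%-8o%-10d`\n" % (
        name, m.mtime, m.uid, m.gid, m.mode, len(m.data))
    if len(h) != 60:
        raise ValueError("numeric field too wide for ar header")
    return h

def check_archive(members: list[Member]) -> bytes:
    """Every entry except the MAC, sorted by raw name bytes, headers included."""
    kept = [m for m in members if m.name != MAC_NAME]
    if len({m.name for m in kept}) != len(kept):
        raise ValueError("duplicate member name makes the archive ambiguous")
    out = bytearray(AR_MAGIC)
    for m in sorted(kept, key=lambda e: e.name.encode("ascii")):
        out += header(m) + m.data + (b"\n" if len(m.data) % 2 else b"")
    return bytes(out)

def compute_mac(key: bytes, members: list[Member]) -> bytes:
    return hmac.new(key, check_archive(members), hashlib.sha512).digest()

def verify(key: bytes, members: list[Member]) -> bool:
    stored = [m.data for m in members if m.name == MAC_NAME]
    return len(stored) == 1 and hmac.compare_digest(
        stored[0], compute_mac(key, members))

# Constructed sample container (placeholder bytes, not real ciphertext).
KEY = b"\x01" * 64
SAMPLE = [Member("info.json", b'{"cipher":"AES-CTR"}', mtime=1700000000),
          Member("iv.bin", bytes(16)), Member("data.obj", b"\xaa" * 33)]
SAMPLE.append(Member(MAC_NAME, compute_mac(KEY, SAMPLE)))
```

Verification does not depend on the order in which members appear in the stored archive, because the check archive is rebuilt in sorted order before the MAC is computed.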