Encryption Protocol
When sops creates a file, it generates a random 256 bit data key and
asks each KMS and PGP master key to encrypt the data key. The encrypted
version of the data key is stored in the sops metadata under sops.kms
and sops.pgp.
For KMS:
sops:
    kms:
    -   enc: CiC6yCOtzsnFhkfdIslYZ0bAf//gYLYCmIu87B3sy/5yYxKnAQEBAQB4usgjrc7JxYZH3SLJWGdGwH//4GC2ApiLvOwd7Mv+cmMAAAB+MHwGCSqGSIb3DQEHBqBvMG0CAQAwaAYJKoZIhvcNAQcBMB4GCWCGSAFlAwQBLjARBAyGdRODuYMHbA8Ozj8CARCAO7opMolPJUmBXd39Zlp0L2H9fzMKidHm1vvaF6nNFq0ClRY7FlIZmTm4JfnOebPseffiXFn9tG8cq7oi
        enc_ts: 1439568549.245995
        arn: arn:aws:kms:us-east-1:656532927350:key/920aff2e-c5f1-4040-943a-047fa387b27e
For PGP:
sops:
    pgp:
    -   fp: 85D77543B3D624B63CEA9E6DBC17301B491B3F21
        created_at: 1441570391.930042
        enc: |
            -----BEGIN PGP MESSAGE-----
            Version: GnuPG v1
            -----END PGP MESSAGE-----
sops then opens a text editor on the newly created file. The user adds
data to the file and saves it when done.
Upon save, sops walks the entire file as a key/value tree. Every time
sops encounters a leaf value (a value that does not have children), it
encrypts the value with AES256_GCM using the data key and a 256-bit
random initialization vector.
Each file uses a single data key to encrypt all values of a document,
but each value receives a unique initialization vector and has unique
authentication data.
Additional data is used to guarantee the integrity of the encrypted data
and of the tree structure: when encrypting the tree, key names are
concatenated into a byte string that is used as AEAD additional data
(aad) when encrypting values. We expect that keys do not carry sensitive
information, and keeping them in cleartext allows for better diff and
overall readability.
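The per-value scheme described above, as an added Go example that is not taken from sops itself: each leaf gets a fresh 256 bit IV, and the key path is passed as AEAD additional data, so a ciphertext moved to another branch fails authentication. The colon-joined path strings, the helper names and the sample key and value are assumptions made for the illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// leaf is one encrypted value: its own random IV plus the GCM ciphertext and tag.
type leaf struct{ iv, ct []byte }

// newAEAD returns AES-GCM over the data key, taking a 32-byte (256 bit) IV.
func newAEAD(dataKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(dataKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCMWithNonceSize(block, 32)
}

// encryptLeaf seals value under a fresh IV, with the key path as additional data.
func encryptLeaf(aead cipher.AEAD, path, value string) leaf {
	iv := make([]byte, aead.NonceSize())
	if _, err := rand.Read(iv); err != nil {
		panic(err) // no entropy: never fall back to a predictable IV
	}
	return leaf{iv, aead.Seal(nil, iv, []byte(value), []byte(path))}
}

// decryptLeaf succeeds only when path matches the one used at encryption time.
func decryptLeaf(aead cipher.AEAD, path string, l leaf) (string, error) {
	pt, err := aead.Open(nil, l.iv, l.ct, []byte(path))
	return string(pt), err
}

func main() {
	aead, err := newAEAD(make([]byte, 32)) // constructed all-zero demo key (assumption), never a real one
	if err != nil {
		panic(err)
	}
	a := encryptLeaf(aead, "db:password:", "example-secret") // constructed path and value
	b := encryptLeaf(aead, "db:password:", "example-secret")
	fmt.Println("same ciphertext for same value:", bytes.Equal(a.ct, b.ct))
	_, err = decryptLeaf(aead, "admin:password:", a) // leaf moved to another branch
	fmt.Println("moved leaf:", err)
}
```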
Any valid KMS or PGP master key can later decrypt the data key and
access the data.
Multiple master keys allow for sharing encrypted files without sharing
master keys, and provide a disaster recovery solution. The recommended
way to use sops is to have two KMS master keys in different regions and
one PGP public key with the private key stored offline. If, by any
chance, both KMS master keys are lost, you can always recover the
encrypted data using the PGP private key.
Message Authentication Code
In addition to authenticating branches of the tree using keys as
additional data, sops computes a MAC on all the values to ensure that no
value has been added or removed fraudulently. The MAC is stored
encrypted with AES_GCM and the data key under tree->sops->mac.