I wasn't able to find a clear description of the cryptography used in bupstash. There is this technical overview page, but I wasn't able to find this page linked from the web docs - and it's also pretty vague and generalized. There's a bit of information scattered here and elsewhere, but I think for such a high priority part of any backup solution, having clear documentation is important.

Compare e.g.

Borg: https://borgbackup.readthedocs.io/en/stable/internals/security.html
Restic: https://restic.readthedocs.io/en/stable/100_references.html

This seems like it would be a step towards getting the cryptography reviewed by an expert.

Thanks!

I worked on creating a custom restoration program for Bupstash v0.10.3 with the specific goal of understanding its data format better. As a result, I wrote down something about Bupstash's Cryptosystem in the restore program's documentation https://masysma.net/32/maxbupst.xhtml. Maybe it helps with understanding Bupstash's crypto?