支持不经过密钥派生，直接设定加密密钥

Description

Contributor guide

Tech stack

csharp

Domain

securityauthentication

Issue type

feature

DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.

3

Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.

1-2 days

Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.

stale

ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.

mostly clear

Prerequisites

Understanding of Shadowsocks protocolFamiliarity with C#Knowledge of cryptographic key derivation

Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.

25

Research direction

Start by examining the encryption handling code in the shadowsocks windows repository, likely in the `Shadowsocks.Net` or `Cryptor` classes. Review how AEAD encryption (chacha20 ietf poly1305) is currently implemented and how the key is derived from the password using HKDF. Check the issue comments for any maintainer discussion (e.g., #2927). Look at the referenced `demon.zip` tool to understand how it bypasses key derivation. The goal is to add an option to accept a pre derived key directly, which may require changes to the configuration parsing and encryption initialization.