description | A simple file encryption tool |
owner | m@bitsnbites.eu |
last change | Sat, 4 May 2024 18:43:34 +0000 (4 20:43 +0200) |
URL | git://repo.or.cz/ezcrypt.git, https://repo.or.cz/ezcrypt.git |
push URL | ssh://repo.or.cz/ezcrypt.git, https://repo.or.cz/ezcrypt.git |
A tool for strong encryption of arbitrary files.
All code is free and unencumbered software released into the public domain, including the cryptographic algorithms.
For more information, see unlicense.org.
Encryption is done in four layers. At each level a different cipher is used, and each level has its own encryption key and its own initialization vector (IV). The different ciphers are:
The key at each level is generated from a combination of the user-supplied passphrase, an optional user-supplied 256-bit pepper and a per-level 256-bit salt. This is done using a custom compute-intensive key derivation function called ZKDF.
The salt and the IV for each encryption level are generated from system-level entropy (i.e. highly random data), and are different for each run of ezcrypt. Thus encrypting the same file twice will result in two different ciphertexts (even if the same passphrase is used).
The pepper is the SHA2-256 hash of the contents of a user supplied pepper file (thus the pepper file can be any kind of file, even a binary file).
Note that the encrypted file does not contain any header or other identification metadata. This is by design.
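The per-level key generation described above, as an added Python sketch (not ezcrypt's own code). ZKDF is not reproduced here: PBKDF2-HMAC-SHA256 stands in for it, and the way the pepper and salt are combined, the key size, the iteration count and all function names are assumptions.

```python
import hashlib
import os
from typing import List, Optional

LEVELS = 4            # from the page: four encryption layers
SALT_BYTES = 32       # from the page: per-level 256-bit salt
KEY_BYTES = 32        # assumption: key size is not stated on the page
ITERATIONS = 100_000  # assumption: work factor of the stand-in KDF


def pepper_from_file_bytes(data: Optional[bytes]) -> bytes:
    """SHA2-256 of the pepper file contents; empty when no pepper file is given."""
    return b"" if data is None else hashlib.sha256(data).digest()


def new_salts() -> List[bytes]:
    """One fresh 256-bit salt per level, drawn from system entropy on every run."""
    return [os.urandom(SALT_BYTES) for _ in range(LEVELS)]


def derive_level_keys(passphrase: str, pepper: bytes, salts: List[bytes]) -> List[bytes]:
    """One key per level. PBKDF2 stands in for ZKDF; pepper||salt is an assumed mix."""
    if len(salts) != LEVELS or any(len(s) != SALT_BYTES for s in salts):
        raise ValueError("expected one 256-bit salt per level")
    if len(pepper) not in (0, 32):
        raise ValueError("pepper must be empty or a SHA2-256 digest")
    secret = passphrase.encode("utf-8")
    return [hashlib.pbkdf2_hmac("sha256", secret, pepper + salt, ITERATIONS, KEY_BYTES)
            for salt in salts]


if __name__ == "__main__":
    # Constructed inputs: any bytes can serve as the pepper file contents.
    pepper = pepper_from_file_bytes(b"\x89constructed pepper file, any bytes\x00")
    first_run, second_run = new_salts(), new_salts()
    keys_a = derive_level_keys("constructed passphrase", pepper, first_run)
    keys_b = derive_level_keys("constructed passphrase", pepper, second_run)
    print("distinct key per level:", len(set(keys_a)) == LEVELS)
    print("new salts give new keys:", not set(keys_a) & set(keys_b))
    print("same salts reproduce keys:",
          keys_a == derive_level_keys("constructed passphrase", pepper, first_run))
```
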
Prerequisites: A C compiler and CMake.
To build:
mkdir out && cd out
cmake -DCMAKE_BUILD_TYPE=Release ../src
cmake --build .
The resulting executable file is out/ezcrypt.
To install:
sudo cmake --install .
To run the unit tests:
CTEST_OUTPUT_ON_FAILURE=ON cmake --build . -t test
Encrypt the file myfile, with the passphrase provided via a terminal prompt. The output file is called myfile.z (the original file is kept):
$ ezcrypt myfile
Enter passphrase:
Again:
Decrypt the file myfile.z, with the passphrase provided via a terminal prompt. The output file is called myfile (the original file is kept):
$ ezcrypt -d myfile.z
Enter passphrase:
Decrypt the file myfile.z to stdout, with the passphrase provided via the environment variable $SECRET:
$ ezcrypt --show -E SECRET myfile.z
$ echo "Hello world!" | ezcrypt -E SECRET | ezcrypt -d -E SECRET
Hello world!
Edit the plaintext contents of the encrypted file myfile.z, using the default text editor (e.g. $EDITOR or notepad.exe):
$ ezcrypt --edit myfile.z
Note: If the plaintext is not modified by the editor, myfile.z remains unmodified. This is useful if you accidentally use the wrong passphrase (you will notice right away since the plaintext will appear as garbage), in which case you can just exit the editor.