Simple, fast, zero-configuration file encryption

DavidHuie/tulum

Tulum

Tulum is a simple tool for encrypting and decrypting data without any knowledge of cryptography. Tulum has only two zero-configuration operations, which prevents confusion and user error. Tulum was designed to adhere to the UNIX philosophy by being composable and doing one thing well. Compared to tools like OpenSSL and GPG, Tulum is considerably easier to use for symmetric encryption.

Tulum provides sane defaults for most users. In terms of cryptography, Tulum offers 256 bits of security by encrypting with AES-256-CTR, using keyed BLAKE2b-256 as a MAC, and using HKDF-BLAKE2b-256 for key derivation. Together, these primitives provide authenticated encryption, where decryption fails if an adversary modifies the encrypted data. Additionally, Tulum always generates a new key for each encryption operation, preventing key reuse. Tulum uses stdin and stdout for I/O, allowing the user to combine Tulum with other Unix CLI tools.
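
The verify-before-decrypt behaviour described above, as an added Python sketch that is not Tulum's code or file format: HKDF over HMAC-BLAKE2b-256 derives separate keys, and a keyed BLAKE2b-256 tag is checked before any payload is accepted. The payload layout, the 16-byte nonce, the info labels and the function names are assumptions; AES-256-CTR is not in Python's standard library, so the ciphertext here is constructed opaque bytes.

```python
import hashlib
import hmac

TAG_LEN = 32    # BLAKE2b-256 output size
NONCE_LEN = 16  # assumed CTR nonce/IV size for this sketch


def blake2b_256(data=b""):
    """Unkeyed BLAKE2b-256, used as the hash inside HMAC for HKDF."""
    return hashlib.blake2b(data, digest_size=TAG_LEN)


def hkdf(master, info, length=32, salt=b""):
    """RFC 5869 extract-then-expand, instantiated with HMAC-BLAKE2b-256."""
    prk = hmac.new(salt or bytes(TAG_LEN), master, blake2b_256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), blake2b_256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_keys(master):
    """Separate encryption and MAC keys; the info labels are made up here."""
    return hkdf(master, b"example enc"), hkdf(master, b"example mac")


def seal(mac_key, nonce, ciphertext):
    """Encrypt-then-MAC framing: nonce || ciphertext || tag(nonce || ciphertext)."""
    body = nonce + ciphertext
    tag = hashlib.blake2b(body, key=mac_key, digest_size=TAG_LEN).digest()
    return body + tag


def open_verified(mac_key, blob):
    """Return (nonce, ciphertext) only if the tag verifies; raise otherwise."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("payload too short")
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hashlib.blake2b(body, key=mac_key, digest_size=TAG_LEN).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("MAC mismatch: payload was modified or key is wrong")
    return body[:NONCE_LEN], body[NONCE_LEN:]


if __name__ == "__main__":
    enc_key, mac_key = derive_keys(bytes(range(32)))  # constructed master key
    blob = seal(mac_key, bytes(NONCE_LEN), b"constructed ciphertext bytes")
    print(open_verified(mac_key, blob))
```

Because CTR mode on its own is malleable, the tag check has to succeed before any decrypted bytes are trusted or released.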

Background

Tulum performs symmetric encryption, where a random string, called a key, is used to both encrypt and decrypt data. Without the key, it is practically impossible to decrypt an encrypted payload, providing the privacy features people expect. Tulum generates keys automatically, so keys are only really useful for decryption.

Since the key enables decryption of your data, store keys safely! Keys should not be transferred with the encrypted data, and they should not be visible to other users on your computer (keys are assigned file attributes of 0400 by default). Additionally, Tulum generates a unique key for each encryption operation, so make sure that keys aren't confused between encrypted payloads.

Installation

With Go 1.11+, Tulum can be installed as follows:

go get -u github.com/DavidHuie/tulum

Usage

% tulum -h
Tulum is a simple, fast, zero-configuration file encryption tool.

Tulum provides 256-bits of security using the following cryptography:
  Encryption: AES-256 in counter mode
  MAC: Keyed BLAKE2b-256
  Key derivation: HKDF with BLAKE2b-256

Usage:
  tulum [flags] [file]

Flags:
  -dec
    	decrypt from file argument or stdin, writing output to stdout
  -enc
    	encrypt from file argument or stdin, writing output to stdout (default true)
  -key string
    	the path to the key (default "key.asc")

To encrypt the file f, storing the key in key.asc and the ciphertext (the encrypted file) in f.enc:

% tulum f > f.enc
# Or
% cat f | tulum > f.enc

Optionally, to encrypt the file f, storing the key in my-key.asc and the ciphertext in f.enc:

% tulum -key my-key.asc f > f.enc
# Or
% cat f | tulum -key my-key.asc > f.enc

To decrypt the file f.enc with the key key.asc:

% tulum -dec f.enc > f.dec
# Or
% cat f.enc | tulum -dec > f.dec

Optionally, to decrypt the file f.enc with the key my-key.asc:

% tulum -dec -key my-key.asc f.enc > f.dec
# Or
% cat f.enc | tulum -dec -key my-key.asc > f.dec
