{"id":38020265,"url":"https://github.com/ansemjo/aenker","last_synced_at":"2026-01-16T19:28:24.429Z","repository":{"id":57553884,"uuid":"144472361","full_name":"ansemjo/aenker","owner":"ansemjo","description":"authenticated encryption on the commandline using a chunked construction similar to intermaclib","archived":false,"fork":false,"pushed_at":"2021-08-24T15:37:47.000Z","size":681,"stargazers_count":6,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"main","last_synced_at":"2024-06-20T01:51:56.540Z","etag":null,"topics":["aead","authenticated-encryption","chacha20-poly1305","commandline","curve25519","ecies","go"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ansemjo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-08-12T14:13:07.000Z","updated_at":"2022-03-29T04:48:51.000Z","dependencies_parsed_at":"2022-09-26T19:31:02.597Z","dependency_job_id":null,"html_url":"https://github.com/ansemjo/aenker","commit_stats":null,"previous_names":[],"tags_count":17,"template":false,"template_full_name":null,"purl":"pkg:github/ansemjo/aenker","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ansemjo%2Faenker","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ansemjo%2Faenker/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ansemjo%2Faenker/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ansemjo%2Faenker/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ansemjo","download_url":"https://codeload.github.com/ansemjo/aenker/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ansemjo%2Faenker/sbom","scorecard":{"id":198058,"data":{"date":"2025-08-11","repo":{"name":"github.com/ansemjo/aenker","commit":"e73c71117dd1de6f3e4112db84331ce63fdcea15"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.6,"checks":[{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/build.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/ansemjo/aenker/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/ansemjo/aenker/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/ansemjo/aenker/build.yml/main?enable=pin","Warn: goCommand not pinned by hash: .github/workflows/build.yml:35","Warn: goCommand not pinned by hash: .github/workflows/build.yml:54","Info:   0 out of   3 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":4,"reason":"3 out of the last 5 releases have a total of 3 signed artifacts.","details":["Warn: release artifact 0.6.1 not signed: https://api.github.com/repos/ansemjo/aenker/releases/48365074","Info: signed release artifact: SHA256SUMS.asc: https://github.com/ansemjo/aenker/releases/tag/0.6.0","Warn: release artifact 0.5.2 not signed: https://api.github.com/repos/ansemjo/aenker/releases/14130878","Info: signed release artifact: SHA256SUMS.asc: https://github.com/ansemjo/aenker/releases/tag/0.5.1","Info: signed release artifact: SHA256SUMS.asc: https://github.com/ansemjo/aenker/releases/tag/0.5.0","Warn: release artifact 0.6.1 does not have provenance: https://api.github.com/repos/ansemjo/aenker/releases/48365074","Warn: release artifact 0.6.0 does not have provenance: https://api.github.com/repos/ansemjo/aenker/releases/18576427","Warn: release artifact 0.5.2 does not have provenance: https://api.github.com/repos/ansemjo/aenker/releases/14130878","Warn: release artifact 0.5.1 does not have provenance: https://api.github.com/repos/ansemjo/aenker/releases/13761363","Warn: release artifact 0.5.0 does not have provenance: https://api.github.com/repos/ansemjo/aenker/releases/13313138"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Vulnerabilities","score":0,"reason":"15 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2022-0209 / GHSA-r5c5-pr8j-pfp7","Warn: Project is vulnerable to: GO-2023-1992 / GHSA-x3jr-pf6g-c48f","Warn: Project is vulnerable to: GO-2022-0229 / GHSA-cjjc-xp8v-855w","Warn: Project is vulnerable to: GO-2020-0012 / GHSA-ffhg-7mh4-33c4","Warn: Project is vulnerable to: GO-2021-0227 / GHSA-3vm4-22fp-5rfm","Warn: Project is vulnerable to: GO-2022-0968 / GHSA-gwc9-m7rh-j2ww","Warn: Project is vulnerable to: GO-2021-0356 / GHSA-8c26-wmh5-6g9v","Warn: Project is vulnerable to: GO-2024-2961","Warn: Project is vulnerable to: GO-2023-2402 / GHSA-45x7-px36-x8w8","Warn: Project is vulnerable to: GO-2024-3321 / GHSA-v778-237x-gjrc","Warn: Project is vulnerable to: GO-2025-3487 / GHSA-hcg3-q754-cr77","Warn: Project is vulnerable to: GO-2022-0493 / GHSA-p782-xgp4-8hr8","Warn: Project is vulnerable to: GO-2021-0061 / GHSA-r88r-gmrh-7j83","Warn: Project is vulnerable to: GO-2022-0956 / GHSA-6q6q-88xp-6f2r","Warn: Project is vulnerable to: GO-2020-0036 / GHSA-wxc4-f4m6-wwqv"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-16T22:12:07.393Z","repository_id":57553884,"created_at":"2025-08-16T22:12:07.393Z","updated_at":"2025-08-16T22:12:07.393Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28481726,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-16T11:59:17.896Z","status":"ssl_error","status_checked_at":"2026-01-16T11:55:55.838Z","response_time":107,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aead","authenticated-encryption","chacha20-poly1305","commandline","curve25519","ecies","go"],"created_at":"2026-01-16T19:28:24.333Z","updated_at":"2026-01-16T19:28:24.412Z","avatar_url":"https://github.com/ansemjo.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# aenker\n\n[![codebeat badge](https://codebeat.co/badges/0a98d937-6695-4dc1-ba6f-c439226bea01)](https://codebeat.co/projects/github-com-ansemjo-aenker-master)\n\n`aenker` is a simple commandline utility to encrypt files to a public key ([Curve25519][0]) with an\nauthenticated encryption scheme ([ChaCha20Poly1305][1]). This is basically an [ECIES][2].\n\nThe input is split into smaller chunks internally and is encrypted \u0026 authenticated individually.\nPadding and concatenation is done similarly to [InterMAC][3]. The key used for encryption is derived\nwith [HKDF][4] using [Blake2b][5] after performing anonymous Diffie-Hellman with a given public and\na random ephemeral private key. All this is further described in the\n[specification](SPECIFICATION.md).\n\n[0]: https://cr.yp.to/ecdh.html\n[1]: https://tools.ietf.org/html/rfc7539\n[2]: https://en.wikipedia.org/wiki/Integrated_Encryption_Scheme\n[3]: https://rwc.iacr.org/2018/Slides/Hansen.pdf\n[4]: https://tools.ietf.org/html/rfc5869\n[5]: https://blake2.net/\n\n![](assets/overview.png)\n\nAuthenticated encryption authenticates the ciphertext upon decryption and combined with the above\nconstruction any chunk reordering, bit-flips or even truncation can be detected and are shown as\nerrors. Only ciphertext that has been successfully decrypted and authenticated is ever written to\nthe output. The chunking still alleviates the need to fit the entire file into memory at once or do\ntwo passes over all data. Thus you can also encrypt files of many gigabytes.\n\n\n## ALTERNATIVE\n\nSee the disclaimer below. Even though I took a number of courses on information security\nand cryptography, I would *not* call myself a cryptographer.  \nIf you're looking for a **modern** and **well-vetted encryption tool**, you should take a look at\n**[age](https://github.com/FiloSottile/age)** instead.\n\nI believe aenker was started before `age` existed but the latter has seen much more development.\n\n\n## INSTALLATION\n\n### Install directly with `go`:\n\n    go get -u github.com/ansemjo/aenker\n\n### Install a binary release / package\n\nDownload a release [from GitHub](https://github.com/ansemjo/aenker/releases) (replace \n`$VERSION` with the desired release):\n\n    curl -Lo aenker https://github.com/ansemjo/aenker/releases/download/$VERSION/aenker-linux-amd64\n    chmod +x aenker\n    ./aenker --help\n\n\n### Compile from sources:\n\nDownload a [tarball from GitHub](https://github.com/ansemjo/aenker/archive/master.tar.gz) and\nuse the included `makefile` to build a static binary and embed proper version information:\n\n    cd aenker-master/\n    make\n    make install PREFIX=~/.local\n\n\n## USAGE\n\n### Key Generation\n\nFirst, you need a keypair. To generate a new random keypair use the builtin keygenerator:\n\n    aenker keygen [-f where/to/store/seckey]\n\nWithout any arguments, this will store the key in the default location `~/.local/share/aenker/aenkerkey`\nand your public key will be printed to the terminal. Send your **public** key to anyone who wants to\nencrypt data for you and keep your private key .. well, private.\n\nIf you want to display your public key later or calculate the public key to a given private key, you\ncan use the subcommand `show`:\n\n    aenker show [-k path/to/seckey]\n\n**Note:** aenker only performs anonymous Diffie-Hellman and the keys are not signed or certified. To\nprotect against man-in-the-middle attacks you should transfer the key over a secure channel or verify\nthe integrity on a different channel.\n\n### Encryption / Decryption\n\nEncrypt a simple message using the public key with the subcommand `seal`:\n\n    echo 'Hello, World!' | aenker seal -p lGLD...AFBo= \u003e message.ae\n\nDecrypt messages with the `open` subcommand. If your key is stored at the default location you can\ndecrypt a message by simply piping the encrypted message into aenker:\n\n    aenker open [-k path/to/seckey] \u003c message.ae\n\nInput and output files can be specified with the `-i` and `-o` flags respectively. The terms `seal`\nand `open` are commonly used in the context of AEADs but you can also use their aliases `encrypt`\nand `decrypt` if you prefer:\n\n    aenker decrypt -i documents.tar.ae -k mykey | tar -xf -\n\nThe key flags `-p`/`--peer` and `-k`/`--key` accept the base64-encoded keys on the commandline or\nthe name of a file which contains the key alone on one line. Specifically, the first match to the\nregular expression `/^[A-Za-z0-9+/]{43}=$/` is used, so you can add as many comments as you like to\nyour key files.\n\nSpecifying the key on the commandline is convenient for public keys but should be avoided for\nprivate keys:\n\n    ... | aenker seal -p lGLDUgFvp8TSwJ17VC9k0/T9mNWvfGoJ42zauMkAFBo= \u003e message.ae\n\n### Advanced Key Generation\n\nGenerally, Curve25519 - and thus aenker - accepts any 32 byte value as a key. You could generate a\nprivate key by any other means and then only calculate the public key to distribute it. Possibilities\ninclude:\n\n* reading 32 bytes of system randomness from `/dev/urandom`\n* use an implementation of Argon2i to derive a key from a password, i.e.\n  [ansemjo/stdkdf](https://github.com/ansemjo/stdkdf)\n* ...\n\n## DOCUMENTATION\n\nAll of the commands output a nicely formatted help message, so you can use `help` at any time:\n\n    aenker help\n\nIf you prefer, you can instead install and read manpages with:\n\n    aenker docs man -d ~/.local/share/man/\n    man aenker\n\nCompletion scripts for your shell can be generated and sourced with:\n\n     . \u003c(aenker docs completion)\n\n### File Detection\n\nAppend this piece to your `~/.magic` file:\n\n    0 string aenker\\xe7\\x9e aenker encrypted file\n    !:mime application/octet-stream\n\nAnd `file(1)` should detect encrypted files as `aenker encrypted file`.\n\n## DISCLAIMER\n\nPlease be advised that I am not a professional cryptographer. This is merely a hobby of mine which I\nhope can be useful to you.\n\n    THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\n    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\n    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\n    SOFTWARE.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fansemjo%2Faenker","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fansemjo%2Faenker","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fansemjo%2Faenker/lists"}