{"id":16648606,"url":"https://github.com/clach04/chi_io","last_synced_at":"2026-02-22T13:41:14.634Z","repository":{"id":48517748,"uuid":"383981274","full_name":"clach04/chi_io","owner":"clach04","description":"Pure Python read/write encryption/decryption of encrypted Tombo chi files","archived":false,"fork":false,"pushed_at":"2024-11-28T13:54:27.000Z","size":223,"stargazers_count":1,"open_issues_count":6,"forks_count":0,"subscribers_count":3,"default_branch":"main","last_synced_at":"2024-12-31T23:42:17.977Z","etag":null,"topics":["blowfish","decryption","encryption","encryption-decryption","python","python2","python3","tombo"],"latest_commit_sha":null,"homepage":"https://pypi.org/project/chi-io/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/clach04.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-07-08T02:42:04.000Z","updated_at":"2024-11-28T13:54:30.000Z","dependencies_parsed_at":"2023-12-02T08:22:47.009Z","dependency_job_id":"9362adeb-9d56-4e1c-8521-3643a4143e8b","html_url":"https://github.com/clach04/chi_io","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/clach04%2Fchi_io","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/clach04%2Fchi_io/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/clach04%2Fchi_io/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/clach04%2Fchi_io/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/clach04","download_url":"https://codeload.github.com/clach04/chi_io/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":232815352,"owners_count":18580566,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blowfish","decryption","encryption","encryption-decryption","python","python2","python3","tombo"],"created_at":"2024-10-12T09:04:59.334Z","updated_at":"2025-10-08T18:07:51.469Z","avatar_url":"https://github.com/clach04.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"-- coding: utf-8 --\n\n# chi_io\n\nPure Python read/write encryption/decryption of [Tombo](https://github.com/clach04/tombo/) chi/chs [blowfish](https://www.schneier.com/academic/archives/1994/09/description_of_a_new.html) encrypted files. If you are looking for an easy to use with safe and sane defaults for encryption do NOT use this (there a more modern and better best-practices available since 2004), this is intended to be **compatible** with [Tombo](http://tombo.osdn.jp/En/), Android [Kumagusu](https://github.com/clach04/kumagusu_mirror), [MiniNoteViewer](https://github.com/clach04/mininoteviewer_mirror), [etc.](https://github.com/clach04/puren_tonbo/wiki/Tombo) Tombo chi/chs files are encrypted with blowfish and thus vulnerable to a [32-bit Birthday Attack](https://sweet32.info/). Tombo uses blowfish-CBC with a fixed IV and always uses the same key derived from a passphrase.\n\nhttps://github.com/clach04/chi_io\n\nExtracted from https://hg.sr.ht/~clach04/pytombo\n\nLibrary originally supported Python 2.1, 2.2, 2.4, 2.4, 2.5, 2.6, 2.7. Now only targets Python 2.7 and 3.x. Use older version shipped with PyTombo for Python \u003c 2.7.\n\nCan be used standalone, used by Puren Tonbo https://github.com/clach04/puren_tonbo/ which supports different encryption formats/ciphers.\n\n\n  * [Getting Started](#getting-started)\n  * [Examples](#examples)\n    + [Command line tool chi_io](#command-line-tool-chi-io)\n    + [Python code](#python-code)\n      - [In memory](#in-memory)\n      - [Using filenames](#using-filenames)\n  * [Tests](#tests)\n  * [NOTES](#notes)\n  * [Also see](#also-see)\n  * [File format specification](#file-format-specification)\n  * [TODO](#todo)\n\n\u003csmall\u003e\u003ci\u003e\u003ca href='http://ecotrust-canada.github.io/markdown-toc/'\u003eTable of contents generated with markdown-toc\u003c/a\u003e\u003c/i\u003e\u003c/small\u003e\n\n\n## Getting Started\n\nAssuming a local checkout:\n\n    python -m pip install -r requirements.txt  # runs faster Py2 and Py3, slower alternative is `python -m pip install blowfish` Python 3 only\n\n    python test_chi.py\n\n## Examples\n\n\n### Command line tool chi_io\n\n    echo test | env CHI_PASSWORD=test ./chi_tool.py  -e -s  | env CHI_PASSWORD=test ./chi_tool.py -s -v\n\n    echo test | ./chi_tool.py -p test -e -s  | ./chi_tool.py -p test -s -v\n\n    mkdir scratch\n    echo my data | python chi_tool.py -p test -e -o scratch/mynote.chi\n    echo test \u003e scratch/password\n    od -c scratch/password\n    ./chi_tool.py scratch/mynote.chi -P scratch/password\n    chi_tool.py scratch/mynote.chi | vim -  # decrypt a note and pipe into vim\n\n\n### Python code\n\n#### In memory\n\nUsing https://peps.python.org/pep-0272/ **like** API\n\n    Python 3.10.4 (tags/v3.10.4:9d38120, Mar 23 2022, 23:13:41) [MSC v.1929 64 bit (AMD64)] on win32\n    Type \"help\", \"copyright\", \"credits\" or \"license\" for more information.\n    \u003e\u003e\u003e import chi_io  # https://github.com/clach04/chi_io Python access to Tombo encrypted files\n    \u003e\u003e\u003e chi_io.implementation\n    'using PyCrypto 3.17'\n    \u003e\u003e\u003e plain_text = b'12345678'\n    \u003e\u003e\u003e mypassword = b'testing'\n    \u003e\u003e\u003e cipher = chi_io.PEP272LikeCipher(chi_io.CHI_cipher(mypassword))  # OPTIONAL! encryption and decryption will be faster on subsequent calls if the same password\n     is used\n    \u003e\u003e\u003e crypted_data = cipher.encrypt(plain_text)\n    \u003e\u003e\u003e result_data = cipher.decrypt(crypted_data)\n    \u003e\u003e\u003e assert plain_text == result_data\n\n\n#### Using filenames\n\n    Python 2.7.10 (default, May 23 2015, 09:40:32) [MSC v.1500 32 bit (Intel)] on win32\n    Type \"help\", \"copyright\", \"credits\" or \"license\" for more information.\n    \u003e\u003e\u003e import chi_io  # https://github.com/clach04/chi_io Python access to Tombo encrypted files\n    \u003e\u003e\u003e chi_io.implementation\n    'using PyCrypto'\n    \u003e\u003e\u003e plain_text = b'12345678'\n    \u003e\u003e\u003e enc_fname = 'chi_io_test1.chi'\n    \u003e\u003e\u003e mypassword = b'testing'\n    \u003e\u003e\u003e mypassword = chi_io.CHI_cipher(mypassword)  # OPTIONAL! encryption and decryption will be faster on subsequent calls if the same password is used\n    \u003e\u003e\u003e chi_io.write_encrypted_file(enc_fname, mypassword, plain_text)\n    \u003e\u003e\u003e read_plain_text = chi_io.read_encrypted_file(enc_fname, mypassword)\n    \u003e\u003e\u003e assert plain_text == read_plain_text\n\n    python chi_io.py some_existing_file.chi  # will be prompted for password to decrypt existing file\n    env LANG=C.UTF-8 python chi_io.py some_existing_file.chi  # will be prompted for password to decrypt existing file\n\nNOTE write_encrypted_file() and read_encrypted_file() can take either file names or file-like objects.\n\n## Tests\n\n    python test_chi.py\n    env NO_PYCRYPTO=true python test_chi.py  # force usage of Pure Python Blowfish (slower)\n\n\n## NOTES\n\n  * PyCrypto will work fine but PyCryptodome is preferred.\n    * The known vulnerability in PyCryptodome is not in the Blowfish implementation\n  * Blowfish is not recommended by its author! Neither is ECB mode which Tombo uses (note Tombo does some additional bit fiddling but using Tombo CHI/CHS encryption for sensitive files is not recommended)\n  * GNU General Public License v3.0 https://github.com/jashandeep-sohi/python-blowfish the pure Python 3.4+ blowfish implementation works great, but is slower than PyCryptodome\n\n\n## Also see\n\nCompatible with:\n\n  * http://tombo.osdn.jp/En/\n      * https://osdn.net/projects/tombo/scm/\n      * https://osdn.net/cvs/view/tombo/\n      * Forks and mirrors\n          * https://github.com/clach04/tombo_cvs - old code, 2002-2006\n          * https://github.com/clach04/tombo - latest, with some minor new features ahead of upstream - missing CVS history, 2009+\n  * https://osdn.net/projects/kumagusu/ - by tarshi\n      * https://play.google.com/store/apps/details?id=jp.gr.java_conf.kumagusu\n      * https://github.com/clach04/kumagusu_mirror\n  * https://web.archive.org/web/20171221160557/http://hatapy.web.fc2.com/mininoteviewer.html (was http://hatapy.web.fc2.com/mininoteviewer.html) - by hatalab\n      * https://play.google.com/store/apps/details?id=jp.gr.java_conf.hatalab.mnv\n      * https://github.com/clach04/mininoteviewer_mirror\n  * Tombo Edit - by Michael Efimov\n      * https://sourceforge.net/projects/tomboedit/\n      * https://github.com/clach04/tombo_edit_mirrorfork\n   * TomboCrypt - by Michael Efimov\n       * https://osdn.net/projects/tombo/releases/p1532 simple command line utility - 32-bit binaries for Microsoft Windows and Linux\n       * https://osdn.net/projects/tombo/scm/git/Tombo/tree/master/contrib/TomboCrypt/ - source code in git can be built with `gcc -static -DTOMBO -oTomboCrypt *.cpp *.c  -lstdc++`\n       * https://osdn.net/cvs/view/tombo/Tombo/contrib/TomboCrypt/ - source code in CVS\n       * NOTE this Python chi_io library is the closest to this, as it is Python it is portable and works anywhere there is Python (know to work on intel Windows and Linux, along with arm both 32-bit and 64-bit Linux)\n\n\n## File format specification\n\nAlso see https://github.com/clach04/chi_io/wiki/CHI-File-Format\n\n`*.chi` and `*.chs` use the same format, the only difference between the\ntwo is that Tombo chs files are automatically/randomly named, using\nonly (16) digits. For example, \"0000000000000000.chs\".\n\nAn md5 checksum hash is generated from the password, this is then used as the key. I.e. KDF is md5, without any salt/IV.\n\nThe data to encrypt is prefixed with some random salt.\n\nThe key is then used to encrypt using [Blowfish cipher] (https://en.m.wikipedia.org/wiki/Blowfish_(cipher)) in cipher block chaining (CBC) mode, with  **fixed** IV of \"BLOWFISH\".\n\nCopy and paste from [Src/CryptManager.cpp](https://github.com/clach04/tombo/blob/my_changes/Src/CryptManager.cpp):\n\n    //////////////////////////////////////////////////\n    // Encrypt data and add header\n    //////////////////////////////////////////////////\n    // CryptManagerによる暗号化ファイルのフォーマット\n    // The format of the container is:\n    // 0-3  : BF01(4 bytes)\n    // 4-7  : data length (include randum area + md5sum)(4 bytes)\n    // 8-15 :* random data(8 bytes)\n    //16-31 :* md5sum of plain text(16 bytes)\n    //32-   :* data\n\n    // '*' is encrypted.\n\n  * 4-bytes : `version` : fixed to \"BF01\". No other value is valid.\n  * 4-bytes little-endian : `plaintext_length` : length of the actual plaintext (C++ comment is incorrect/misleading)\n  * encrypted payload : `encrypted_bytes` : blowfish encrypted payload, needs to be decrypted and once decypted contains:\n      * 8-bytes little-endian : `random_salt` : Random bytes that is prefixed to data before encryption\n      * 16-bytes little-endian : `plaintext_md5` : md5sum of the plaintext, essentially Authenticate Then Encrypt\n      * `plaintext_length`-bytes : `plaintext` : plain text. NOTE possible padding on the end AFTER `plaintext_length`\n\nSee code for both the KDF and the cipher [implementation](https://github.com/clach04/tombo/blob/080a85d9bce3f60a91b7e8ecd5b9f30b5c4e00f9/Src/GNUPG/blowfish.c#L616) (and padding), Blowfish (64-bit blocks) are used with additional block shuffling.\n\n## TODO\n\n  * Refactor chi_io code\n  * Implement Tombo chi/chs Cipher that follows PEP 272\n  * Update Pure python Blowfish (wrapper or upstream) to support Cipher PEP 272\n    API for Block Encryption Algorithms v1.0 https://www.python.org/dev/peps/pep-0272/\n  * Check for pycryptodomex first\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fclach04%2Fchi_io","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fclach04%2Fchi_io","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fclach04%2Fchi_io/lists"}