{"id":34106645,"url":"https://github.com/covert-encryption/covert","last_synced_at":"2026-03-27T04:43:11.702Z","repository":{"id":40649321,"uuid":"425518960","full_name":"covert-encryption/covert","owner":"covert-encryption","description":"An encryption format offering better security, performance and ease of use than PGP. File a bug if you found anything where we are worse than our competition, and we will fix it.","archived":false,"fork":false,"pushed_at":"2024-05-14T18:01:38.000Z","size":1144,"stargazers_count":42,"open_issues_count":14,"forks_count":12,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-11-02T16:09:10.278Z","etag":null,"topics":["crypto","cryptography","encryption","gpg","purb","security"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/covert-encryption.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"docs/SECURITY.md","support":null}},"created_at":"2021-11-07T14:02:08.000Z","updated_at":"2025-04-08T16:33:08.000Z","dependencies_parsed_at":"2022-08-09T23:51:06.679Z","dependency_job_id":null,"html_url":"https://github.com/covert-encryption/covert","commit_stats":null,"previous_names":[],"tags_count":14,"template":false,"template_full_name":null,"purl":"pkg:github/covert-encryption/covert","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/covert-encryption%2Fcovert","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/covert-encryption%2Fcovert/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/covert-encryption%2Fcovert/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/covert-encryption%2Fcovert/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/covert-encryption","download_url":"https://codeload.github.com/covert-encryption/covert/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/covert-encryption%2Fcovert/sbom","scorecard":{"id":306193,"data":{"date":"2025-08-11","repo":{"name":"github.com/covert-encryption/covert","commit":"96658bb4921af06293000ff2109d954efbf317b1"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.1,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":4,"reason":"Found 14/30 approved changesets -- score normalized to 4","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/tests-and-coverage.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Security-Policy","score":4,"reason":"security policy file detected","details":["Info: security policy file detected: docs/SECURITY.md:1","Warn: no linked content found","Info: Found disclosure, vulnerability, and/or timelines in security policy: docs/SECURITY.md:1","Info: Found text in security policy: docs/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests-and-coverage.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/covert-encryption/covert/tests-and-coverage.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests-and-coverage.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/covert-encryption/covert/tests-and-coverage.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests-and-coverage.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/covert-encryption/covert/tests-and-coverage.yml/main?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/tests-and-coverage.yml:33","Warn: pipCommand not pinned by hash: .github/workflows/tests-and-coverage.yml:34","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned","Info:   0 out of   2 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"License","score":0,"reason":"license file not detected","details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 25 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-17T22:07:05.342Z","repository_id":40649321,"created_at":"2025-08-17T22:07:05.342Z","updated_at":"2025-08-17T22:07:05.342Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":27630404,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-12-10T02:00:12.818Z","response_time":54,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["crypto","cryptography","encryption","gpg","purb","security"],"created_at":"2025-12-14T18:03:03.813Z","updated_at":"2025-12-14T18:03:57.044Z","avatar_url":"https://github.com/covert-encryption.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cimg src=\"https://github.com/covert-encryption/covert/blob/main/docs/logo.webp?raw=true\" width=\"220\" alt=\"Logo\" align=\"left\"\u003e\n\n# Covert Encryption\n\n*A file and message encryptor with strong anonymity*\n\n* **ChaCha20-Poly1305** stream cipher with authentication\n* **Argon2** secures shorter passwords against cracking\n* **Curve25519** public key encrypt \u0026 sign with [SSH](https://medium.com/risan/upgrade-your-ssh-key-to-ed25519-c6e8d60d3c54), [Age](https://age-encryption.org/) and [Minisign](https://jedisct1.github.io/minisign/) keys\n\n## Anonymity, privacy and authenticity\n\nThe encrypted archive looks exactly like random data, providing **deniability**. Every byte is protected so that not only is reading prevented but **authenticity** is also verified, protecting your data against any outsiders, and files may also be **signed** if necessary.\n\nOther encryption tools add unencrypted headers revealing the recipients and other metadata. Covert was created to address this very problem, to stop *all* information leakage.\n\nA message (base64 or binary) has no headers or anything else that could be recognized:\n```\nR/i7oqt9QnTnc6Op9gw9wSbYQq1bfYtKAfEOxpiQopc0SsYdLa12AUkg0o5s4KPfU6eZX59c4SXD2F8efFCEUeU\n```\n\nCovert generates easy passphrases like `oliveanglepeaceethics` for the above. The encoded message includes random padding to hide the length of the message and it is still shorter than others. For comparison, `gpg` needs six lines instead of one and still ends up revealing the exact length of the message.\n\n## Installation\n\n[Python](https://www.python.org/downloads/) `pip` installs `qcovert` and `covert` on your system:\n\n```\npip install \"covert[gui]\"\n\nqcovert      # Run GUI, or\ncovert       # Run in terminal\n```\n\nPython 3.9 or 3.10 is required. On systems still using older versions, you may need to install by:\n```\npython3.9 -m pip install covert\n```\n\nDevelopers should install a dev repo in editable mode: (consider also using [pipenv](https://pipenv.pypa.io/en/latest/))\n```\ngit clone https://github.com/covert-encryption/covert.git\ncd covert\npip install -e \".[dev,gui]\"\n```\n\n## File I/O speeds matching the fastest SSDs\n\n\u003cimg src=\"https://github.com/covert-encryption/covert/blob/main/docs/benchmark.webp?raw=true\" width=\"700\" alt=\"Benchmark results. Covert up to 4 GB/s.\"\u003e\n\nCovert is the fastest of all the popular tools in both encryption (blue) and decryption (red).\n\nProgram|Lang|Algorithms|Operation\n|---|---|---|---|\nCovert | Python | chacha20‑poly1305 sha512‑ed25519 | encrypt with auth and signature\nAge | Go | chacha20-poly1305 | encrypt with auth\nRage | Rust | chacha20-poly1305 | encrypt with auth\nOpenSSL | C | aes256-ctr (hw accelerated) | encrypt only\nGPG | C | aes128-cfb, deflate | encrypt with auth and compression\nMinisign | C | blake2b-512 ed25519 | signature only (for reference)\n\n## A few interesting features\n\nFiles of any size may be attached to messages without the use of external tools, and without revealing any metadata such as modification times.\n\nA completely different ciphertext is produced each time, usually of different size, even if the message and the key are exactly the same. Other crypto tools cannot do this.\n\nCovert messages are much shorter than with other cryptosystems, accomplished by some ingenious engineering.\n\nA key insight is that a receiver can *blindly* attempt to decrypt a file with many different keys and parameters until he finds a combination that authenticates successfully. This saves valuable space on short messages and improves security because no plain text headers are needed.\n\n![Screenshot](https://github.com/covert-encryption/covert/raw/main/docs/covert-gui.webp)\n\n## A secure desktop app\n\nCovert comes with a graphical user interface built in. Unlike PGP GUIs, Covert does not use external CLI tools but instead does everything inside the app. Storing the plain text message on disk at any point exposes it to forensic researchers and hackers who might be scanning your drive for deleted files, and unfortunately there have been such leaks with popular PGP programs that use temporary files to communicate with external editors or with the `gpg` tool.\n\n## Additional reading\n\n* [Covert Format Specification](https://github.com/covert-encryption/covert/blob/main/docs/Specification.md)\n* [Covert Security and Design Rationale](https://github.com/covert-encryption/covert/blob/main/docs/Rationale.md)\n* [Reducing Metadata Leakage](https://petsymposium.org/2019/files/papers/issue4/popets-2019-0056.pdf) (a related research paper)\n* [The PGP Problem](https://latacora.micro.blog/2019/07/16/the-pgp-problem.html)\n\nCovert is in an early development phase, so you are encouraged to try it but avoid using it on any valuable data just yet. We are looking for interested developers and the specification itself is still open to changes, no compatibility guarantees.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcovert-encryption%2Fcovert","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcovert-encryption%2Fcovert","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcovert-encryption%2Fcovert/lists"}