{"id":44781932,"url":"https://github.com/crashdump/covert","last_synced_at":"2026-02-16T08:21:33.410Z","repository":{"id":38272303,"uuid":"334541149","full_name":"crashdump/covert","owner":"crashdump","description":"Covert is a deniable encryption software.","archived":false,"fork":false,"pushed_at":"2024-07-16T04:21:08.000Z","size":84,"stargazers_count":6,"open_issues_count":4,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-07-16T07:00:53.504Z","etag":null,"topics":["cli","deniable-encryption","encryption","sdk","security"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"lgpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/crashdump.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-01-31T00:28:19.000Z","updated_at":"2024-07-16T04:21:07.000Z","dependencies_parsed_at":"2024-06-19T20:05:00.200Z","dependency_job_id":"519165a5-b443-4db6-85bc-b2102de0556a","html_url":"https://github.com/crashdump/covert","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/crashdump/covert","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crashdump%2Fcovert","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crashdump%2Fcovert/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crashdump%2Fcovert/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crashdump%2Fcovert/manifests","owner_url":"https://repos.ecosyste.ms/api/v1
/hosts/GitHub/owners/crashdump","download_url":"https://codeload.github.com/crashdump/covert/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crashdump%2Fcovert/sbom","scorecard":{"id":307482,"data":{"date":"2025-08-11","repo":{"name":"github.com/crashdump/covert","commit":"bd92688c200f2e19bac962f02e78151e5c25518d"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.8,"checks":[{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":-1,"reason":"Found no human activity in the last 15 changesets","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively 
maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1","Warn: no topLevel permission defined: .github/workflows/release.yml:1","Warn: no topLevel permission defined: .github/workflows/test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/crashdump/covert/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/crashdump/covert/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/crashdump/covert/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:56: update your workflow using 
https://app.stepsecurity.io/secureworkflow/crashdump/covert/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/crashdump/covert/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/crashdump/covert/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/crashdump/covert/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/crashdump/covert/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/crashdump/covert/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/crashdump/covert/test.yml/master?enable=pin","Info:   0 out of   9 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices 
Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.md:0","Info: FSF or OSI recognized license: GNU Lesser General Public License v3.0: LICENSE.md:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v0.1.0 not signed: https://api.github.com/repos/crashdump/covert/releases/37139214","Warn: release artifact v0.1.0 does not have provenance: https://api.github.com/repos/crashdump/covert/releases/37139214"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by 
integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":7,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":8,"reason":"2 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2024-3321 / GHSA-v778-237x-gjrc","Warn: Project is vulnerable to: GO-2025-3487 / GHSA-hcg3-q754-cr77"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-17T22:25:56.673Z","repository_id":38272303,"created_at":"2025-08-17T22:25:56.673Z","updated_at":"2025-08-17T22:25:56.673Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29503577,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-16T08:14:25.707Z","status":"ssl_error","status_checked_at":"2026-02-16T08:14:25.334Z","response_time":115,"last_error":"SSL_read: unexpected eof while 
reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cli","deniable-encryption","encryption","sdk","security"],"created_at":"2026-02-16T08:21:31.922Z","updated_at":"2026-02-16T08:21:33.396Z","avatar_url":"https://github.com/crashdump.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Covert\n\nCovert is a deniable encryption software.\n\n[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=crashdump_covert\u0026metric=alert_status)](https://sonarcloud.io/dashboard?id=crashdump_covert)\n[![Bugs](https://sonarcloud.io/api/project_badges/measure?project=crashdump_covert\u0026metric=bugs)](https://sonarcloud.io/dashboard?id=crashdump_covert)\n[![Vulnerabilities](https://sonarcloud.io/api/project_badges/measure?project=crashdump_covert\u0026metric=vulnerabilities)](https://sonarcloud.io/dashboard?id=crashdump_covert)\n[![Code Smells](https://sonarcloud.io/api/project_badges/measure?project=crashdump_covert\u0026metric=code_smells)](https://sonarcloud.io/dashboard?id=crashdump_covert)\n\n## Disclaimer\n\nCovert is an early stage **research prototype** and comes with absolutely **no warranty**.\n\n## Description\n\n\"In cryptography and steganography, plausibly deniable encryption describes encryption techniques where\nthe existence of an encrypted file or message is deniable in the sense that an adversary cannot prove\nthat the plaintext data exists.\" – [Wikipedia](https://en.wikipedia.org/wiki/Deniable_encryption)\n\n## Scenario\n\nDeniable encryption allows the sender of an 
encrypted message to deny sending that message. This requires a trusted\nthird party. A possible scenario looks like this:\n\nBob needs to travel to a country with legislation that requires individuals to surrender cryptographic keys to law\nenforcement. That being the case, Bob wants to keep his private data out of their sight, to protect his privacy. He\ncreates two keys, one intended to be kept secret, the other intended to be sacrificed.\n\nBob constructs an innocuous message M1 (intended to be revealed to the secret police in case of discovery) and another\none, containing the personal data M2 he does not want anyone to know about.\n\nHe constructs a ciphertext C out of both messages, M1 and M2, and stores it on his device.\n\nBob travels to the country, passes the border control and later uses his key to decrypt M2 (and possibly M1, in order\nto read the decoy message, too).\n\nThe secret police arrest Bob, find the encrypted blob on his device, become suspicious and force Bob to decrypt\nthe message.\n\nBob uses the sacrificial key and reveals the innocuous message M1 to the secret police. 
Since it is impossible for them\nto know for sure if there are other messages contained in C, they might assume that there are no other messages.\n\n## Goals\n\nBear in mind that this project was created with the _requirements_ below in mind; it may not suit your use case.\n\n### Requirements\n\n* Use known and proven cryptographic algorithms (AES-256, PBKDF2) and libraries.\n* The system must be mathematically indecipherable without the key.\n* The mechanism should not require secrecy, and it should not be a problem if it falls into enemy hands.\n* An adversary cannot prove concealed content exists without observing the program's execution during encryption.\n* Portable, without any system dependencies (statically linked binaries).\n* Does not require kernel or userspace filesystems.\n\n## Algorithms\n\nCovert uses *scrypt* to hash the passphrases and *AES256-GCM* to encrypt the partitions.\n\n## Documentation\n\nAll the documentation lives in the `docs` folder.\n\n### How to\n- [CLI usage](docs/usage.md)\n- [Library](docs/library.md)\n\n### Technical details\n- [Approach](docs/approach.md)\n\n## License\n\nGNU Lesser General Public License version 3. See [LICENSE.md](LICENSE.md)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcrashdump%2Fcovert","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcrashdump%2Fcovert","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcrashdump%2Fcovert/lists"}