{"id":18773350,"url":"https://github.com/jorisvink/nyfe","last_synced_at":"2025-04-13T09:07:34.490Z","repository":{"id":194312800,"uuid":"690766265","full_name":"jorisvink/nyfe","owner":"jorisvink","description":"A software based file encryption tool where all cryptographic parts are based on a single cryptographic permutation: Keccak-f[1600,24]. || This is a read-only mirror, pull requests are ignored.","archived":false,"fork":false,"pushed_at":"2025-03-02T15:58:26.000Z","size":4159,"stargazers_count":6,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-04-13T09:07:28.138Z","etag":null,"topics":["cryptography","file-encryption","keccak-sponge"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"isc","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jorisvink.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-09-12T20:44:23.000Z","updated_at":"2025-03-02T15:58:29.000Z","dependencies_parsed_at":"2023-09-12T20:59:34.178Z","dependency_job_id":"76a649ef-af48-41fd-9f1f-80c22df16af4","html_url":"https://github.com/jorisvink/nyfe","commit_stats":null,"previous_names":["jorisvink/nyfe"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jorisvink%2Fnyfe","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jorisvink%2Fnyfe/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jorisvink%2Fnyfe/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jorisvink%2Fnyfe/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jorisvink","download_url":"https://codeload.github.com/jorisvink/nyfe/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248688567,"owners_count":21145766,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cryptography","file-encryption","keccak-sponge"],"created_at":"2024-11-07T19:33:44.007Z","updated_at":"2025-04-13T09:07:34.450Z","avatar_url":"https://github.com/jorisvink.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Nyfe\n\nA software based file encryption tool where all cryptographic parts\nare based on a single cryptographic permutation: Keccak-p[1600,24].\n\nNyfe is very minimal and lightweight as it has no external dependencies.\n\n# License\n\nNyfe is licensed under the ISC license.\n\n# Cryptography\n\nWARNING: Nyfe uses experimental sponge-based cryptography.\n\n## Disclaimer\n\nThis is a personal research project of mine and at most it's a little broken.\n\n**You** probably do not want to use this.\n\n## Confidentiality and Integrity\n\nIts confidentiality and integrity are protected under Agelas.\n\nAgelas is an experimental Authenticated Encryption stream cipher\nthat is constructed with Keccak-f[1600,24] in combination with\na duplex-sponge.\n\n## KDF\n\nKMAC256 is used as a KDF for all derivations that take place.\n\nKMAC256 is a NIST standard.\n\n## Random\n\nThe random system in Nyfe is also based on Keccak.\n\nIn this case, it will instantiate an Agelas context with keys\nthat are derived from a random seed from the system which are\nrun through KMAC256.\n\nIt then allows random byte generation of up to 960 bytes before\nrekeying itself.\n\nAn 64-byte ondisk entropy file under $HOME/.nyfe/entropy is mixed\nin if available, in addition to system entropy.\n\nThe entropy file is rewritten immediately when used.\nYou're on your own to generate that file initially.\n\n## Keys\n\nThe keys used with Agelas are derived from strong 256-bit symmetrical\nsecrets that are stored in key files.\n\nNyfe will generate a new key per file that is to be encrypted by selecting\na seed uniformly at random and using it in combination with the symmetrical\nkey from the given key file to derive new key material via KMAC256.\n\n## Metadata\n\nThe lack of meta-data in encrypted files is by design.\n\n# Performance\n\nPerformance is not considered at this stage, code correctness\nand extreme care in handling sensitive data was.\n\n# Building\n\nNyfe has been compiled on OpenBSD, MacOS 13.x and Ubuntu 22.04.\n\nThe only real dependency is a decent libc and compiler.\n\n```\n$ make\n# make install\n```\n\n# Tests\n\nNyfe includes the NIST SHA3 tests for SHA3-256, SHA3-512,\nSHAKE128 and SHAKE256.\n\nYou can run them on your machine by invoking the right target.\n\n```\n$ make clean\n$ make keccak-tests\n```\n\nThe inclusion of these tests are to verify that the underlying\nKeccak-p[1600,24] implementation is working correctly.\n\nUsage\n-----\n\nFirst, you'll want to initialize nyfe and generate the default keyfile:\n\n```\n$ nyfe init\n```\n\nYou can generate another keyfiles as needed:\n\n```\n$ nyfe keygen $HOME/.nyfe/different.key\n```\n\nYou can also clone keyfiles, as a means of exporting them with\na different passphrase:\n\n\n```\n$ nyfe keyclone $HOME/.nyfe/different.key shared.key\n```\n\nNow you can encrypt some things with the default key:\n\n```\n$ nyfe encrypt myarchive.tar myarchive.nyfe\n```\n\nYou can pipe straight into nyfe too if thats your thing:\n\n```\n$ tar zcv myarchive | nyfe encrypt -f $HOME/.nyfe/different.key myarchive.nyfe\n```\n\nYou can also let nyfe output the encrypted data to stdout:\n\n```\n$ tar zcv myarchive | nyfe encrypt \u003e myarchive.nyfe\n```\n\nDecrypting is pretty similar:\n\n```\n$ nyfe decrypt myarchive.nyfe myarchive.tar\n```\n\nYou can also pipe into nyfe for decryption:\n\n```\n$ cat myarchive.nyfe | nyfe decrypt -f $HOME/.nyfe/different.key myarchive.tar\n```\n\nWhen decrypting Nyfe will refuse to output decrypted data to stdout since\nthat is a security risk as the data output is not yet verified and Nyfe does\nnot do chunks or intermediate tags.\n\n# Defaults\n\nWhen encrypting or decrypting, the -f flag specifies what keyfile to use.\n\nIf the -f flag is omitted, Nyfe will use $HOME/.nyfe/secret.key by default.\n\n# Mascotte\n\nBecause mascottes are cool, here's SpongeNyfe:\n\n\u003cimg src=\"logo.png\" alt=\"Nyfe\" width=\"256px\" /\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjorisvink%2Fnyfe","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjorisvink%2Fnyfe","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjorisvink%2Fnyfe/lists"}