{"id":21516390,"url":"https://github.com/jsf0/aspis","last_synced_at":"2025-03-17T16:20:10.442Z","repository":{"id":239378100,"uuid":"365338413","full_name":"jsf0/aspis","owner":"jsf0","description":"command line encryption filter using NaCL","archived":false,"fork":false,"pushed_at":"2021-05-07T19:49:43.000Z","size":16,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-01-24T02:58:57.341Z","etag":null,"topics":["argon2","command-line","cryptography","encryption","filter","libsodium","pipe","ruby"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"isc","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jsf0.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-05-07T19:49:27.000Z","updated_at":"2021-05-20T13:28:39.000Z","dependencies_parsed_at":"2024-05-12T18:48:44.746Z","dependency_job_id":null,"html_url":"https://github.com/jsf0/aspis","commit_stats":null,"previous_names":["jsf0/aspis"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jsf0%2Faspis","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jsf0%2Faspis/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jsf0%2Faspis/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jsf0%2Faspis/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jsf0","download_url":"https://codeload.github.com/jsf0/aspis/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244066191,"owners_count":20392407,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["argon2","command-line","cryptography","encryption","filter","libsodium","pipe","ruby"],"created_at":"2024-11-24T00:20:51.507Z","updated_at":"2025-03-17T16:20:10.410Z","avatar_url":"https://github.com/jsf0.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"## aspis\naspis is an encryption filter gem that encrypts anything it receives from stdin and sends the ciphertext to stdout. \nIt relies on Libsodium (via RbNaCl) for its cryptographic primitives. Output is in JSON format.\n\n-  Cipher: XSalsa20-Poly1305\n-  Public Keys: Curve25519\n-  Key exchange: X25519 (static-static Diffie Hellman)\n-  Password-based key derivation: Argon2i\n-  Nonces are randomly generated.\n\n### Setup\naspis requires Libsodium and the Ruby gem RbNaCl.\n\nTo use, install the gem:\n```\ngem install aspis\n```\n\nOr to build and install from Github:\n```\n$ git clone https://gitlab.com/jsaf/aspis\n$ cd aspis\n# bundle exec rake install\n```\n\n### Usage\nBasic syntax:\n```\naspis [-n] [-o] [-m] -e|-d|-g\n```\nThe flags -e or -d tell aspis to encrypt or decrypt respectively. \nThe -g flag creates a new keypair in the ~/.aspis directory, creating that directory if necessary.\n\nIf used with the -n option, aspis will look for the password in the environment\nvariable ASPIS_PASS rather than asking for it on the command line. This is useful if\nyou want to use aspis in a script, but environment variables are not as secure as they may seem.\nIt is best to disable your shell's history if using this option to prevent something like \n```\nexport ASPIS_PASS=p@ssw0rd\n```\nfrom appearing in the shell's history file. \n\nTo manually tweak Argon2i's CPU ops and memory parameters, use the -o and -m \noptions. Memory is specified in MiB.\n\nSimple example of encrypting a message with a password-derived key:\n```\necho \"hello\" | aspis -e\n```\nEncrypt file.pdf and write the output to file.enc:\n```\naspis -e file.pdf \u003e file.enc\n```\nEncrypt a file piped via cat(1) and send it over the network with netcat:\n```\ncat file.pdf | aspis -e | nc 192.168.1.1 4444\n```\nAlice encrypts a file for Bob, using his public key and her default private key located in ~/.aspis:\n```\naspis -e -p bob-pubkey message-for-bob.txt \u003e message-for-bob.enc\n```\nBob would decrypt the above file like so:\n```\naspis -d -p alice-pubkey message-for-bob.enc \u003e message-for-bob.txt\n```\nTo send an encrypted email to Bob, you can use aspis with mutt like so:\n```\necho \"top secret message for Bob\" | aspis -e -p bob-pubkey | mutt -s \"Urgent, read immediately\" bob@mailercorp.com\n```\nBob would then open the email in mutt, and press \"|\" to pipe the message to an external command. To decrypt, he would\ngrep for the aspis portion of the email, then pipe that into aspis:\n```\ngrep ciphertext | aspis -d -p alice-pubkey\n```\nThe now decrypted message body will be displayed.\n\n### Security considerations\naspis uses the NaCl crypto_box function underneath (via Libsodium) for its public key cryptography. \nKey exchanges in asymmetric mode are static-static Diffie Hellman, which means that the shared key between 2 parties will be the same for all\nof their communication. One desirable property of static-static DH (or \"full static\" as it is sometimes known) is that it provides\nmutual authentication. Once Alice and Bob have each other's public keys, they can be sure that future messages 1.) can only be decrypted by Alice or Bob, and 2.) are actually from Alice or Bob.\n\nThe unfortunate part of this scheme is that their shared key is always the same, until one of them changes their long-term keys. This means that if an \nattacker is able to compromise either Alice or Bob's key, it exposes all past messages between them. A scheme that provides forward secrecy would only expose messages encrypted with the compromised key, not all messages. However, this is harder to do for the asynchronous communication for which aspis is likely to be used.\n\n\nI took the view that key impersonation is easier for an attacker and thus more likely than key compromise, and chose a scheme that provides mutual authentication to counter this. Yes, I am aware of its drawbacks. \n\nConsult the NaCl paper for formal discussion of the cryptography used in aspis: https://cr.yp.to/highspeed/naclcrypto-20090310.pdf\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjsf0%2Faspis","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjsf0%2Faspis","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjsf0%2Faspis/lists"}