{"id":37197260,"url":"https://github.com/piotrcki/crypt0","last_synced_at":"2026-01-14T22:56:05.634Z","repository":{"id":64307754,"uuid":"127980960","full_name":"piotrcki/crypt0","owner":"piotrcki","description":"One-time pad on steroids","archived":false,"fork":false,"pushed_at":"2021-10-09T13:50:30.000Z","size":25,"stargazers_count":8,"open_issues_count":0,"forks_count":2,"subscribers_count":0,"default_branch":"master","last_synced_at":"2024-06-20T12:41:50.260Z","etag":null,"topics":["cryptography","one-time-pad","post-quantum-cryptography"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/piotrcki.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-04-03T23:37:15.000Z","updated_at":"2024-05-26T04:58:38.000Z","dependencies_parsed_at":"2023-01-15T11:00:15.977Z","dependency_job_id":null,"html_url":"https://github.com/piotrcki/crypt0","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/piotrcki/crypt0","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/piotrcki%2Fcrypt0","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/piotrcki%2Fcrypt0/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/piotrcki%2Fcrypt0/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/piotrcki%2Fcrypt0/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/piotrcki","download_url":"https://codeload.github.com/piotrcki/crypt0/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/piotrcki%2Fcrypt0/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28437375,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T22:37:52.437Z","status":"ssl_error","status_checked_at":"2026-01-14T22:37:31.496Z","response_time":107,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cryptography","one-time-pad","post-quantum-cryptography"],"created_at":"2026-01-14T22:56:02.489Z","updated_at":"2026-01-14T22:56:04.964Z","avatar_url":"https://github.com/piotrcki.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"One-time pad on steroids\n=========================\n\nFeatures\n---------\n\nCrypt0 provides the following features:\n\n* implementation of the **one-time pad cipher**;\n* **message integrity** protection with SHA512 HMAC, not provided by naive implementations of the one-time pad;\n* **additional layer of 256 bits AES** that hardens cryptanalisys in case of two-time pad or flawed RNG;\n* helpers for pads management;\n* some **metadata protection**, ciphertext looks like a fixed-size random bulk of data;\n* short, clear and portable source code written in Go (a buffer-overflow safe, strongly typed, fast and compiled language);\n* everything is inside the binary, no dependencies.\n\nAssumptions\n------------\n\nCrypt0 securely works only if the following assumptions are true.\n\n* Any environment that \"can see\" plaintext data or pads is safe (no possible unauthorized access to data, no malwares, no backdoors, no TEMPEST...).\n* Pads are transported and exchanged in a way that is safe from alterations or leaks (see the first assumption).\n* Pads are generated with a safe TRNG. Safe PRNGs should work well and provide a good level of security but will not reach the mathematical unbreakability.\n* HMAC-SHA512 (with unique random keys) is secure. In case it would not be, only the integrity might be altered with a very low probability. Confidentiality doesn't depend on HMAC-SHA512 and remains unquestioned.\n* AES with CFB operation mode with random IVs is secure. In case it would not be, confidentiality could be broken only if the pad is not random or not unique.\n\nChangelog\n----------\n\nVersions of crypt0 are composed of 3 numbers X.Y.Z.\n\nX is increased when major changes that can break retro-compatibility happen.\n\nY is increased when new features are added.\n\nZ is increased when for minor changes such as bug fixes or code clean-ups.\n\n* 0.3.2\n  * GUI scripts cleaning\n* 0.3.1\n  * Improvement of the GUI wrapper for encryption\n* 0.3.0\n  * Minor changes to GUI wrappers\n  * Refactored .desktop files\n* 0.2.0\n  * Added genpads0\n  * Various code clean-ups\n* 0.1.0\n  * GUI integration:\n    * Fixed some bugs\n    * Added peer (and $CRYPT0_HOME) support\n* 0.0.0\n  * Initial release\n\nLicense\n--------\n\nAll the work related to crypt0 is Copyright 2015, Piotr Chmielnicki. The code is under GNU GPL version 3.\n\nUser guide\n===========\n\nCrypt0 is a set of tools:\n\n* `encrypt0`: the command-line command for encryption\n* `encrypt0-gui`: the GUI wrapper for `encrypt0` (Linux and BSD only)\n* `decrypt0`: the command-line command for decryption\n* `decrypt0-gui`: the GUI wrapper for `decrypt0` (Linux and BSD only)\n* `.desktop` files for gui wrappers\n* `genpads0` our command line tool for pad generation\n\nUsages\n--------\n\n### encrypt0\n\n    Usage:\n    \n    encrypt0 [--short] plaintext-file pad\n    \n    plaintext-file: the file to encrypt\n    pad           : the pad to use (a .w.pad file)\n    --short       : do not add padding to the plaintext, the ciphertext will be shorter but will leak the file size\n    \n    Return values:\n    \n    0: encryption success\n    1: pad is too short\n    9: other error\n\n### decrypt0\n\n    Usage:\n    \n    decrypt0 ciphertext-file pad\n    \n    ciphertext-file: the file to decrypt (a .enc file)\n    pad            : the pad (a .r.pad file) to use or a directory containing it\n    \n    Return values:\n    \n    0: decryption success\n    1: invalid pad or no valid pad in the directory\n    9: other error\n\n### genpads0\n\n    Usage:\n    \n    form 1: genpads0 size pad-name\n    form 2: genpads0 size number peer1 peer2\n    form 3: genpads0 size number peers-file\n    \n    size      : size of a pad in kio (1 kio = 1024 bytes)\n    pad-name  : file name of the pad to generate\n    number    : number of pads to generate per communication way\n    peer1|2   : peer's name (Such as \"Alice\" or \"Bob\"\n    peers-file: a CSV file containing communication channel between peers\n                each line is of the following form SENDER,RECIPIENT1[,RECIPIENT2[...]]\n    \n    Environment:\n    \n    CSTRNG: cryptographically secure true random number generator. Readable file expected (multiple files can be supplied separated by ':')\n    PRNG  : pseudo-random number generator. Readable file expected (multiple files can be supplied separated by ':')\n    \n    Return values:\n    \n    0: success\n    9: error\n\nThis tool stores pads in folders, here is an example of folders layout for communication between Alice and Bob:\n\n    alice.pads # This folder should be given to Alice\n    `-- bob    # Communication with Bob (from Alice's point of vue)\n        |-- 13c1a6f19d829790.w.pad \n        `-- 13c1a6f19eb301fe.r.pad \n    bob.pads   # This folder should be given to Bob\n    `-- alice  # Communication with Alice (from Bob's point of vue)\n        |-- 13c1a6f19d829790.r.pad \n        `-- 13c1a6f19eb301fe.w.pad \n\nGUI scripts\n------------\n\n`encrypt0-gui` and `decrypt0-gui` are two Linux (bash) scripts taking as optional argument the name of an input file.\nThese scripts allow to graphically select a pad or a “peer”.\nA peer is a person your are communicating with.\nPeers can be added by adding a directory in $CRYPT0_HOME/peers/.\nThis peer will take the name of the directory and all pads located in the directory might be used to communicate with the peer.\n\nBy default, CRYPT0_HOME=~/.crypt0\n\nHere is an example of a CRYPT0_HOME tree:\n\n    .crypt0/ \n    `-- peers \n        |-- John\\ Doe # A friend \n        |   |-- 13c1a6a1a8f01e15.w.pad # A pad to write to John\n        |   `-- 13c1a6a1a7b780fa.r.pad \n        `-- Trinity # An other one\n            |-- 13c1a6a1a9d845d6.r.pad # A pad to read from Trinity\n            `-- 13c1a6a1aa3c35cb.w.pad\n\nInternals\n==========\n\nFirst, let's define some terms.\n\n* _AES_(x, y, z): the encryption with AES cipher in CFB mode of the message z with the 256 bits key x and the IV y.\n* _HMAC_(x, y):  the HMAC of y with SHA512 hash algorithm and 768 bits key x.\n* _XOR_(x, y): xor between the bit streams x and y. \n* _AES_K_: the 256 bits key of the _AES_ cipher.\n* _IV_: the 128 bits IV of the _AES_ cipher.\n* _HMAC_K_:the 768 bits of the _HMAC_.\n* _XOR_K_: the key stream for one-time pad _XOR_.\n\nThe first byte of a sequence is the byte number 0.\n\nHow the pad is used\n--------------------\n\n* Bytes from 0 to 95 are used as _HMAC_K_.\n* Bytes from 96 to 127 are used as _AES_K_.\n* Bytes from 128 the end of the file are used as _XOR_K_\n\nCiphertext format\n------------------\n\nDuring encryption the plaintext passes 3 encoding steps:\n\n### Encoding step 1 : header and padding\n\nThe result of the first encoding step is composed of the following concatenated elements:\n\n1. 0x00 8 bytes header;\n2. big endian encoded 64 bits size of the plaintext (8 bytes);\n3. the plaintext;\n4. 0x00 padding of undefined size (used to mask the plaintext size).\n\n### Encoding step 2 : one-time pad encryption\n\nThe result of the second encoding step is _XOR_(step 1 result, _XOR_K_).\n\n### Encoding step 3: AES and HMAC\n\nThe result of the third encoding step is composed of the following concatenated elements:\n\n1. _IV_;\n2. _AES_(_AES_K_, _IV_, step 2 result);\n3. _HMAC_(_HMAC_K_, 2 previous elements).\n\nPad generation (genpads0)\n--------------------------\n\nThe genpads0 tool mixes various sources of entropy:\n\n* the secure pseudo-random number generator provided by the operating system;\n* optional other sources pointed by environment variables (see usage).\n\nAll streams are xored together.\n48 bytes of the resulting stream are used to initialize an AES 256 bits cipher in CTR mode that will encrypt the rest of the resulting stream before it gets written to new pads.\nThis encryption can be regarded as entropy post-treatment.\n\nBuilding crypt0\n================\n\nYou will need a Go compiler.\nThe reference compiler will always be the latest stable release of the official Go compiler.\nOn Linux a makefile is available, `make all` will compile the project and `make install` will install it for an unprivileged user.\nOther options are available. The makefile is easy to read.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpiotrcki%2Fcrypt0","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpiotrcki%2Fcrypt0","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpiotrcki%2Fcrypt0/lists"}