{"id":28064393,"url":"https://github.com/ysmood/whisper","last_synced_at":"2025-12-28T21:55:13.008Z","repository":{"id":174759485,"uuid":"652740152","full_name":"ysmood/whisper","owner":"ysmood","description":"A simple lib and tool to encrypt, decrypt data with Public-key cryptography.","archived":false,"fork":false,"pushed_at":"2025-12-23T06:45:32.000Z","size":230,"stargazers_count":53,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-12-24T21:34:46.091Z","etag":null,"topics":["cli","cryptography","decryption","ecc","encryption","public-key-cryptography","rsa","security"],"latest_commit_sha":null,"homepage":"https://pkg.go.dev/github.com/ysmood/whisper/lib","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ysmood.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":["ysmood"]}},"created_at":"2023-06-12T17:41:29.000Z","updated_at":"2025-12-23T06:44:07.000Z","dependencies_parsed_at":"2023-12-25T00:21:17.586Z","dependency_job_id":"540edb01-aa72-4996-a4d7-3a32accd4302","html_url":"https://github.com/ysmood/whisper","commit_stats":null,"previous_names":["ysmood/whisper"],"tags_count":55,"template":false,"template_full_name":null,"purl":"pkg:github/ysmood/whisper","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ysmood%2Fwhisper","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ysmood%2Fwhisper/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ysmood%2Fwhis
per/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ysmood%2Fwhisper/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ysmood","download_url":"https://codeload.github.com/ysmood/whisper/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ysmood%2Fwhisper/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28057680,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-12-26T02:00:06.189Z","response_time":55,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cli","cryptography","decryption","ecc","encryption","public-key-cryptography","rsa","security"],"created_at":"2025-05-12T13:51:21.010Z","updated_at":"2025-12-26T18:05:58.898Z","avatar_url":"https://github.com/ysmood.png","language":"Go","funding_links":["https://github.com/sponsors/ysmood"],"categories":[],"sub_categories":[],"readme":"# Overview\n\nA simple lib to encrypt, decrypt data with [Public-key cryptography](https://en.wikipedia.org/wiki/Public-key_cryptography).\nNow [ED25519](https://en.wikipedia.org/wiki/EdDSA#Ed25519), [ECDSA](https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm),\nand [RSA](\u003chttps://en.wikipedia.org/wiki/RSA_(cryptosystem)\u003e) are supported.\n\nFeatures:\n\n- Use the existing ssh key pairs and github public 
key url, no need to generate a new key pair.\n- Automatically find the right key to decrypt.\n- Encrypt data for multiple recipients.\n- [ssh-agent](https://en.wikipedia.org/wiki/Ssh-agent) like server to cache the private key passphrase.\n- Optional signing for integrity check.\n- Lower overhead and small wire format.\n- Streamlined design for large file encryption.\n\n## CLI tool\n\n### Installation\n\nUse it as [lib](https://pkg.go.dev/github.com/ysmood/whisper/lib) or CLI tool.\n\nGo to the [release page](https://github.com/ysmood/whisper/releases) to download the CLI binary.\n\nIf you have Go installed:\n\n```bash\ngo install github.com/ysmood/whisper@latest\n```\n\n### Encrypt and decrypt with local keys\n\nHere is a simple example to encrypt and decrypt for yourself. The encrypted data can only be decrypted by your private key.\n\n```bash\n# Skip this if you already have a key pair.\nwhisper -gen-key ~/.ssh/id_ed25519\n\necho 'hello world!' \u003e hello.txt\n\n# Encrypt file hello.txt to a whisper file hello.wsp.\n# It will auto-start an agent server to cache the passphrase so you don't have to retype it.\nwhisper -e='~/.ssh/id_ed25519.pub' hello.txt \u003e hello.wsp\n\n# Decrypt the encrypted file to stdout.\nwhisper hello.wsp\n# hello world!\n\n# Piping is also supported.\ncat hello.txt | whisper -e='~/.ssh/id_ed25519.pub' \u003e hello.wsp\ncat hello.wsp | whisper\n```\n\n### Encrypt and decrypt with remote keys\n\nYou can also use a URL for a remote public key file.\nHere we use my public key on GitHub to encrypt the data.\nGitHub generally exposes your public key file at `@https://github.com/{YOUR_ID}.keys`.\n\n```bash\n# For GitHub, you can use the user id directly.\n# Here the user id is 'ysmood'.\nwhisper -e='@ysmood' hello.txt \u003e hello.wsp\n\n# For other sites you can use the full URL.\nwhisper -e='@https://gitlab.com/jack.keys' hello.txt \u003e hello.wsp\n\n# An authorized_keys file may contain several keys,\n# you can add a suffix to select a specific key to 
encrypt.\n# 'ed25519' is the substring of the key we want to use.\nwhisper -e='@ysmood:ed25519' hello.txt \u003e hello.wsp\n\n# Encrypt content for multiple recipients, such as Jack and Tim.\nwhisper -e='@jack' -e='@tim' hello.txt \u003e hello.wsp\n\n# Decrypt on Jack's machine, the machine has Jack's private key.\nwhisper hello.wsp\n\n# To sign and encrypt the data, you can use the `-s` flag.\nwhisper -s='@ysmood' -e='@jack' hello.txt \u003e hello.wsp\n\n# Print the metadata of the whisper file to see who the sender is.\nwhisper -m hello.wsp\n\n# To verify the signature and decrypt the data.\n# If the -s flag is not provided, it will only decrypt the data.\nwhisper -s='@ysmood' hello.wsp\n```\n\nThe input can also be a file URL.\n\n### Batch encryption and decryption of files\n\nCreate a JSON file `whisper.json` with the content:\n\n```json\n{\n  \"$schema\": \"https://raw.githubusercontent.com/ysmood/whisper/main/batch_schema.json\",\n  \"files\": {\n    \"secrets/backend\": [\"@jack\"],\n    \"secrets/db.txt\": [\"@tom\"]\n  },\n  \"outDir\": \"vault\"\n}\n```\n\nThen run:\n\n```bash\nwhisper -be whisper.json\n```\n\nIt will encrypt the files in folder `secrets/backend` for Jack and encrypt file `secrets/db.txt` for Tom;\nthey will be saved to folder `vault`.\n\nTo decrypt in batch, run:\n\n```bash\nwhisper -bd whisper.json\n```\n\nOr you can decrypt a single file directly:\n\n```bash\nwhisper vault/secrets/db.txt.wsp\n```\n\nIf you have a lot of members to manage, the batch config file supports grouping;\nthe `$` prefix means a group name:\n\n```jsonc\n{\n  \"$schema\": \"https://raw.githubusercontent.com/ysmood/whisper/main/batch_schema.json\",\n  \"groups\": {\n    \"$frontend\": [\"@mike\", \"@tim\"],\n    \"$backend\": [\"$frontend\", \"@jack\"] // group reference can be recursive\n  },\n  \"admins\": [\"@ci-robot\"], // the users who can decrypt all the files\n  \"files\": {\n    \"secrets/backend\": [\"$backend\"], // the path can be a directory secrets/backend\n 
   \"secrets/frontend\": [\"$frontend\", \"@tom\"],\n    \"secrets/frontend/mongo\": [\"@joy\"] // add the user to the file that is already set by the previous line\n  },\n  \"excludeFiles\": [\"secrets/backend/tmp\"],\n  \"outDir\": \"vault\"\n}\n```\n\n### Agent and cache\n\nThe agent server is for caching the private key passphrase, so you don't have to retype it every time.\nTo start the agent server, run:\n\n```bash\n# Add the key to the agent.\nwhisper -add ~/.ssh/id_ed25519\n```\n\nTo remove the key from the agent, run:\n\n```bash\nwhisper -clear-cache\n```\n\n### Deterministic private key generation\n\nWhen using the `-gen-key` flag, it will ask you whether to generate a deterministic key or not.\nIf you enter `yes`, the key will be generated based on the passphrase itself,\nso that you can regenerate the same private key on any device as long as you remember the passphrase.\nThis is useful if you don't want to back up the key, but it is less secure than a random key because the key is only as strong as the passphrase, so you must use a strong passphrase.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fysmood%2Fwhisper","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fysmood%2Fwhisper","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fysmood%2Fwhisper/lists"}