https://github.com/ankit-chaubey/ciph

Fast, streaming file encryption for large media files and cloud uploads using modern cryptography.
https://github.com/ankit-chaubey/ciph

aes chacha20 cloud-security cryptography encryption-decryption file-encryption

Last synced: 5 months ago
JSON representation

Fast, streaming file encryption for large media files and cloud uploads using modern cryptography.

• Host: GitHub
• URL: https://github.com/ankit-chaubey/ciph
• Owner: ankit-chaubey
• License: apache-2.0
• Created: 2026-01-30T23:02:55.000Z (5 months ago)
• Default Branch: main
• Last Pushed: 2026-01-31T03:21:50.000Z (5 months ago)
• Last Synced: 2026-01-31T18:36:48.918Z (5 months ago)
• Topics: aes, chacha20, cloud-security, cryptography, encryption-decryption, file-encryption
• Language: C
• Homepage: https://pypi.org/project/ciph/
• Size: 21.5 KB
• Stars: 0
• Watchers: 0
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE
  • Code of conduct: CODE_OF_CONDUCT.md
  • Security: SECURITY.md

Awesome Lists containing this project

README

          
# ciph

[![PyPI](https://img.shields.io/pypi/v/ciph.svg)](https://pypi.org/project/ciph/)

[![Downloads](https://img.shields.io/pypi/dm/ciph.svg)](https://pypi.org/project/ciph/)

[![Python](https://img.shields.io/pypi/pyversions/ciph.svg)](https://pypi.org/project/ciph/)

[![CI](https://github.com/ankit-chaubey/ciph/actions/workflows/ciph-test.yml/badge.svg)](https://github.com/ankit-chaubey/ciph/actions/workflows/ciph-test.yml)

[![License](https://img.shields.io/github/license/ankit-chaubey/ciph)](https://github.com/ankit-chaubey/ciph/blob/main/LICENSE)

[![Release](https://img.shields.io/github/v/tag/ankit-chaubey/ciph?label=release)](https://github.com/ankit-chaubey/ciph/releases)

[![Platform](https://img.shields.io/badge/platform-Linux%20%7C%20Termux-blue)](#)

[![Crypto](https://img.shields.io/badge/crypto-AES--256--GCM%20%7C%20ChaCha20--Poly1305-blue)](#)

**ciph** is a fast, streaming file‑encryption tool built for **large media files** and **cloud uploads**. It uses modern, industry‑standard cryptography and is designed to safely encrypt files **larger than your system RAM**.

> Encrypt locally. Upload anywhere. Decrypt only when you trust the environment.

---

## ❓ Why ciph?

Most encryption tools load the entire file into memory before encrypting it. **ciph streams data in fixed-size chunks**, which means you can encrypt a **50 GB 4K video on a machine with only 2 GB of RAM**—smoothly and safely.

## ✨ Features

* 🔐 **Strong encryption** — AES‑256‑GCM or ChaCha20‑Poly1305

* 🔑 **Password protection** — Argon2id (memory‑hard key derivation)

* 🚀 **High performance** — streaming C core (1 MB chunks)

* 🧠 **Constant memory usage** — works with 10 GB+ files

* ⚙️ **Hardware‑aware** — AES‑NI when available, ChaCha fallback

* 🧪 **Integrity protected** — AEAD authentication on every chunk

* ☁️ **Cloud / Telegram safe** — encrypt before upload

* 🏷️ **Filename preserved** — original filename & extension are stored and restored on decryption

---

## 🔐 Cryptographic Design

`ciph` uses a **hybrid (envelope) encryption model**, similar to what is used in modern secure storage systems:

1. A random **data key** encrypts the file in streaming mode.

2. Your password is hardened using **Argon2id**.

3. The data key is encrypted using the derived password key.

4. Every chunk is authenticated to detect tampering.

No custom crypto. No weak primitives.

5. The **original filename (without path)** is stored as encrypted metadata and automatically restored on decryption.

---

## 🔒 Security Strength

| Component                  | Algorithm                                | Strength     |

| -------------------------- | ---------------------------------------- | ------------ |

| File encryption            | AES‑256‑GCM                              | 256‑bit      |

| File encryption (fallback) | ChaCha20‑Poly1305                        | 256‑bit      |

| Password KDF               | Argon2id                                 | Memory‑hard  |

| Integrity                  | AEAD                                     | Tamper‑proof |

| Nonces                     | Key-derived per chunk (unique, no reuse) | No reuse     |

### What this means

* Brute‑force attacks are **computationally infeasible**

* File corruption or tampering is **always detected**

* Encrypted files are safe on **any cloud platform**

* Losing the password means **data is unrecoverable**

---

## 🚀 Quick Start (Build from Source)

```bash

git clone https://github.com/ankit-chaubey/ciph

cd ciph

make

pip install .

```

## 📦 Installation

### Requirements

* Linux / Termux

* Python ≥ 3.8

* libsodium

### Install from PyPI

```bash

pip install ciph

```

---

## 🚀 Usage

### Encrypt a file

```bash

ciph encrypt video.mp4

```

Output:

```

video.mp4.ciph

```

### Decrypt a file

```bash

ciph decrypt video.mp4.ciph

```

Output:

```

video.mp4

```

> The original filename and extension are automatically restored, even if the encrypted file was renamed.

### Example workflow (Cloud / Telegram)

```bash

ciph encrypt movie.mkv

# upload movie.mkv.ciph anywhere

# share the password securely

ciph decrypt movie.mkv.ciph

```

---

## 📝 File Format

| Offset | Size | Description                            |

| ------ | ---- | -------------------------------------- |

| 0      | 4    | Magic bytes (`CIPH`)                   |

| 4      | 1    | Format version                         |

| 5      | 1    | Cipher mode (1 = AES, 2 = ChaCha)      |

| 6      | 16   | Argon2 salt                            |

| 22     | 12   | Key nonce                              |

| 34     | 1    | Filename length (N)                    |

| 35     | N    | Original filename (UTF‑8)              |

| 35+N   | 2    | Encrypted data‑key length              |

| …      | …    | Encrypted data key + encrypted payload |

## 📊 Performance

* Processes data in **1 MB chunks**

* Cryptography handled in **C (libsodium)**

* Python used only for CLI orchestration

* Typical throughput: **hundreds of MB/s** (CPU‑bound)

Encryption is usually faster than your internet upload speed.

---

## ⚠️ Limitations (v0.1.0)

* Linux / Termux only

* No resume support yet

* Progress bar shows start → finish (stream handled in C)

* Password‑based encryption only (public‑key mode planned)

* Filename metadata is visible (content remains fully encrypted)

---

## 🧑‍💻 Author & Project

**ciph** is **designed, developed, and maintained** by

[**Ankit Chaubey (@ankit‑chaubey)**](https://github.com/ankit-chaubey)

GitHub Repository:

👉 **[https://github.com/ankit-chaubey/ciph](https://github.com/ankit-chaubey/ciph)**

The project focuses on building **secure, efficient, and practical cryptographic tools** for real‑world usage, especially for media files and cloud storage.

---

## 📜 License

Apache License 2.0

Copyright © 2026 Ankit Chaubey

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.

You may obtain a copy of the License at:

[https://www.apache.org/licenses/LICENSE-2.0](https://www.apache.org/licenses/LICENSE-2.0)

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS,

WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

See the License for the specific language governing permissions and limitations under the License.

---

## 🔮 Roadmap

Planned future improvements:

* Parallel chunk encryption

* Resume / partial decryption

* Public‑key encryption mode

* Real‑time progress callbacks

* Prebuilt wheels (manylinux)

---

## ⚠️ Disclaimer

This tool uses strong cryptography.

If you forget your password, **your data cannot be recovered**.

Use responsibly.