Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/kisom/cryptutils

Various crypto utilties based on a common NaCl/Ed25519 core.
https://github.com/kisom/cryptutils

Last synced: 24 days ago
JSON representation

Various crypto utilties based on a common NaCl/Ed25519 core.

Host: GitHub
URL: https://github.com/kisom/cryptutils
Owner: kisom
License: other
Created: 2014-06-23T02:51:53.000Z (over 10 years ago)
Default Branch: master
Last Pushed: 2024-08-29T15:04:45.000Z (3 months ago)
Last Synced: 2024-10-11T02:46:23.202Z (about 1 month ago)
Language: Go
Homepage: https://kyleisom.net/projects/cryptutils/
Size: 568 KB
Stars: 42
Watchers: 7
Forks: 10
Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG
- License: LICENSE

Awesome Lists containing this project

README

## cryptutils

`cryptutils` is a set of common Go packages for doing encryption using
NaCl and Ed25519 keys. It also includes a set of command line tools:

* secrets: command-line secrets manager
* otpc: command-line two-factor authentication token manager
* journal: password-backed journal
* passcrypt: password-based file encryption

The useful tools are all password-based at this time. `secrets`, `otpc`,
and `journal` are all based on a common secret storage system. The
`secrets` program provides a general-purpose secret management system;
`journal` and `otpc` provide specialised interfaces for specific types
of secrets (notes and TOTP/HOTP keys, respectively).

The programs are in the `cmd/` subdirectory; each project has its own
README.

### The cryptography

`cryptutils` uses NaCl's secretbox (Salsa20 and Poly1305) for
secret-key encryption, NaCl's box (Curve25519, Salsa20, and Poly1305)
for public-key encryption, and Ed25519 for digital
signatures. Typically, secret keys are derived in one of ways: via
Scrypt, or via an ECDH exchange. For Scrypt, the parameters N=1048576,
r=8, and p=1 are used. This makes generating keys using this expensive
(typically, around 5 seconds on my 2.6 GHz i5 machine with 6G of
RAM). When encrypting messages using public keys, an ephemeral key is
generated for the encryption and a shared key is derived from
this. The public key is prepended to the message for extraction by the
recipient. When signing and encrypting using public keys, the message
is signed before encrypting. The recipient will decrypt, then validate
the signature.

**NOTE**: previous versions used N=32768, and will need to use the
`migrate-store` utility to migrate the store over (or use the previous
versions).

### Motivation and history

I hated depending on my phone for managing two-factor authentication
(I prefer to not carry it around), which led to the first iteration of
`otpc`. This used Scrypt and NaCl to secure the tokens. Later, I
wanted a password manager that I could use on the command-line and
send passwords to xclip (or pbcopy if I was on a Mac); the first
iteration of `password` copied the `crypto.go` file from
`otpc`. Finally, I wanted to replace `sshcrypt` with a
NaCl/Ed25519-based system; at this point, I realised that it would be
easier to refactor the crypto components into a common set of
packages. This included building a generalised keyring for `fcrypt`
and, realising that the same data structure lent itself well to
`password` and `otpc`, a common datastore for secrets. Eventually,
`passwords` was renamed to `secrets` when I began to use it for
manipulating the `otpc` store, letting me keep a lot of unnecessary
functionality out of `otpc`. At some point, I realised the datastore
could also be used for storing journal entries, and added a journaling
front end.

### Dependencies

* golang.org/x/crypto
* github.com/agl/ed25519
* github.com/conformal/yubikey
* github.com/gokyle/readpass

### License

`cryptutils` is licensed under the ISC license.