crype

Deterministic syncable/diffable encryption, for files or pipes.

crype is a tool providing rsyncable deterministic-encryption (like rsyncrypto for pipes). It encrypts data using a common decision function over plaintext, allowing rsync-like tools to still work efficiently over the encrypted data. It uses HMAC-SHA1-PBKDF2 and the ChaCha stream cipher.

Compression is also implemented, as this improves both portabiity and rsyncability compared to a separate gzip --rsyncable pass.

See crype --help for usage instructions. Binaries are provided for 32-bit Windows, 32-bit Cygwin, and 64-bit Debian 7.

License

Source code is made available freely under the terms of the ISC license. The source code distribution includes library code under {public-domain, BSD, Unlicense} licenses.

The provided binaries are likewise freely redistributable for any purpose.

TODO

• Reduce peak memory usage by using stream functions for decompression
• Parallel compression/encryption
• Distro packages, static binaries

Changelog

2014-05-24: r59

• Add file header for version compatibility detection
• Add plaintext comment to file header
• Allow configuring compression level
• Support Debian 7 (amd64)
• Support Cygwin (i386)
• Security: Improve security by switching chunk IVs based on truncated plaintext HMAC (incompatible change)
• Security: Read encryption passwords from file
• Security: Warn when reading encryption password from argument
• ⬇️ crype-r59.zip (205.77 KiB)

2014-05-14: r30

• Initial release
• ⬇️ crype-r30.zip (133.55 KiB)