Deterministic syncable/diffable encryption, for files or pipes. https://code.ivysaur.me/crype
This repository has been archived on 2020-05-03. You can view files and clone it, but cannot push or open issues or pull requests.
Go to file
2014-05-24 00:00:00 +00:00
dist-archive commit all archived files 2014-05-24 00:00:00 +00:00
doc commit all archived files 2014-05-24 00:00:00 +00:00
.legacy-codesite.toml initial meta commit 2014-05-14 00:00:00 +00:00
README.md commit all archived files 2014-05-24 00:00:00 +00:00

crype

Deterministic syncable/diffable encryption, for files or pipes.

crype is a tool providing rsyncable deterministic-encryption (like rsyncrypto for pipes). It encrypts data using a common decision function over plaintext, allowing rsync-like tools to still work efficiently over the encrypted data. It uses HMAC-SHA1-PBKDF2 and the ChaCha stream cipher.

Compression is also implemented, as this improves both portabiity and rsyncability compared to a separate gzip --rsyncable pass.

See crype --help for usage instructions. Binaries are provided for 32-bit Windows, 32-bit Cygwin, and 64-bit Debian 7.

License

Source code is made available freely under the terms of the ISC license. The source code distribution includes library code under {public-domain, BSD, Unlicense} licenses.

The provided binaries are likewise freely redistributable for any purpose.

TODO

  • Reduce peak memory usage by using stream functions for decompression
  • Parallel compression/encryption
  • Distro packages, static binaries

Changelog

2014-05-24: r59

  • Add file header for version compatibility detection
  • Add plaintext comment to file header
  • Allow configuring compression level
  • Support Debian 7 (amd64)
  • Support Cygwin (i386)
  • Security: Improve security by switching chunk IVs based on truncated plaintext HMAC (incompatible change)
  • Security: Read encryption passwords from file
  • Security: Warn when reading encryption password from argument
  • ⬇️ crype-r59.zip (205.77 KiB)

2014-05-14: r30