From 2baece012221bc3d270a87e539e3bc67cc546f73 Mon Sep 17 00:00:00 2001 From: Hardcore Sushi Date: Wed, 1 Dec 2021 14:23:49 +0100 Subject: [PATCH] Man page --- Cargo.lock | 2 +- Cargo.toml | 6 ++-- README.md | 6 ++-- man/.gitignore | 1 + man/compile.sh | 18 +++++++++++ man/source.md | 88 ++++++++++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 115 insertions(+), 6 deletions(-) create mode 100644 man/.gitignore create mode 100755 man/compile.sh create mode 100644 man/source.md diff --git a/Cargo.lock b/Cargo.lock index eeeaafd..689816e 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -210,7 +210,7 @@ dependencies = [ [[package]] name = "doby" -version = "0.2.0" +version = "0.3.0" dependencies = [ "aes", "argon2", diff --git a/Cargo.toml b/Cargo.toml index 583824c..7413c19 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,10 +1,10 @@ [package] name = "doby" -version = "0.2.0" -edition = "2018" +version = "0.3.0" +edition = "2021" authors = ["Hardcore Sushi "] license = "GPL-3.0-or-later" -description = "Secure symmetric encryption from the command line" +description = "Simple, secure and lightweight symmetric encryption from the command line" readme = "README.md" [profile.release] diff --git a/README.md b/README.md index 420ffcc..ae7ff91 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Secure symmetric encryption from the command line. -doby started as a fork of [aef](https://github.com/wyhaya/aef) by [wyhaya](https://github.com/wyhaya) with the goal of becoming the fastest and most lightweight CLI utility for symmetric encryption. It aims to replace the old [ccrypt](http://ccrypt.sourceforge.net) tool which doesn't seem to be very secure. +doby started as a fork of [aef](https://github.com/wyhaya/aef) by [wyhaya](https://github.com/wyhaya) with the goal of becoming a simple, fast and lightweight CLI utility for symmetric encryption. It aims to be an alternative to the old [ccrypt](http://ccrypt.sourceforge.net) tool by using modern cryptography and authenticated encryption. # Features @@ -52,7 +52,7 @@ doby --password "first password" my-super-secret-database.db | doby -f - double- Increase password brute-force resistance: ```bash -echo "you-will-never-break-this" | doby --memory-cost 524288 --parallelism 16 --time-cost 40 > my-super-secret-password.doby +echo "you-will-never-break-this" | doby --memory-cost 524288 --parallelism 16 --time-cost 40 > my-super-secret-data.doby ``` ## Full Options @@ -120,6 +120,8 @@ cargo build --release --bin doby #outputs to ./target/release/doby # Cryptographic details +The following explanations are illustrated with pseudo rust code to simplify understanding. If you want to see how it's exactly implemented in doby, you can always check the source code. + ### Encryption doby first derives your password with Argon2 (version 19) in Argon2id mode with a 64 bytes long random salt. A `master_key` of 32 bytes is thus generated. diff --git a/man/.gitignore b/man/.gitignore new file mode 100644 index 0000000..3c49ab7 --- /dev/null +++ b/man/.gitignore @@ -0,0 +1 @@ +/*.gz diff --git a/man/compile.sh b/man/compile.sh new file mode 100755 index 0000000..27340a8 --- /dev/null +++ b/man/compile.sh @@ -0,0 +1,18 @@ +#!/bin/bash + +cargo_toml="../Cargo.toml" +source_md="source.md" + +if [ ! -f $cargo_toml ]; then + echo "Error: $cargo_toml not found." >&2; + exit 1; +elif [ ! -f $source_md ]; then + echo "Error: $source_md not found." >&2; + exit 1; +fi + +version=$(grep "^version = " $cargo_toml | cut -d "\"" -f 2) +date=$(date +"%B %Y") +pandoc $source_md -s -t man | sed \ + "s/^\.TH.*$/\.TH \"DOBY\" \"1\" \"$date\" \"doby v$version\" \"doby v$version\"/; \ + s/^\.hy/\.ad l/" | gzip - > doby.1.gz \ No newline at end of file diff --git a/man/source.md b/man/source.md new file mode 100644 index 0000000..cdc5ea0 --- /dev/null +++ b/man/source.md @@ -0,0 +1,88 @@ +% DOBY(1) + +# NAME +doby - Simple, secure and lightweight symmetric encryption from the command line + +# SYNOPSIS +doby [**-fi**] [**\--password** password] [**-t** time_cost] [**-m** memory_cost] [**-p** parallelism] [**-b** block_size] [**-c**] {aes | xchacha20} [INPUT] [OUTPUT] + +doby [**-h** | **\--help**] + +doby [**-V** | **\--version**] + +# DESCRIPTION +doby aims to be a small, fast and user-friendly command line tool for symmectric encryption of single files. It uses modern cryptography and (obviously) it's built in rust. + +doby can operate with files larger than memory but also from stdout/stdin. In addition to encrypt files, doby also use HMAC cryptography to authenticate the data. This means that encrypted files can't be tampered. Encryptions keys are derived from the user password using Argon2, an expensive KDF function that slows down a lot brute force attacks. You can find more details about cryptography on the doby's repository: https://forge.chapril.org/hardcoresushi/doby#cryptographic-details + +doby will add a header at the beginning of the encrypted files so that it can know whether it is encrypted or not. That's why you don't need to specify which operation should be performed. doby will detect this automatically. + +# OPTIONS +**-h**, **\--help** +: Print help. + +**-V**, **\--version** +: Print doby version. + +**-f**, **\--force-encrypt** +: Perform encryption even if doby format is recognized in the input file. + +**-i**, **\--interactive** +: Prompt before overwriting the output file if it already exists. + +**\--password** *password* +: Specify the password which will be used to derive encryption keys. If omitted, the password will be prompted in the terminal. + +**-t**, **\--time-cost** *iterations* +: Argon2 time cost used to derive the master key. Default: 10 + +**-m**, **\--memory-cost** *memory size* +: Argon2 memory cost used to derive the master key (in kilobytes). Default: 4096 KB + +**-p,** **\--parallelism** *threads* +: Argon2 parallelism cost used to derive the master key. Default: 4 + +**-b,** **\--block-size** *blocksize* +: Size of the buffer used when reading the file (in bytes). Default: 65536 B + +**-c,** **\--cipher** *cipher* +: Encryption cipher to use. Either "aes" or "xchacha20". If not specified, AES will be used if your CPU supports AES native instructions, XChaCha20 otherwise. Ignored when performing decryption. + +**INPUT** +: The file doby will read as input. If it's omitted or set to "-", doby will read from stdin. + +**OUTPUT** +: The file doby will write to. If it's omitted or set to "-", doby will write to stdout. + +# EXAMPLES +doby my-super-secret-source-code.rs encrypted.doby + +doby \--block-size 4096 encrypted.doby decrypted.rs + +cat my-super-secret-music.flac | doby \--cipher xchacha20 > encrypted.doby + +doby \--password "rockyou" encrypted.doby > decrypted.flac + +cat my-super-secret-logs-file.log | doby \--interactive - logs.doby + +echo "you-will-never-break-this" | doby \--memory-cost 524288 \--parallelism 16 \--time-cost 40 > my-super-secret-data.doby + +# EXIT STATUS +**0** +: Success + +**1** +: Error + +# REPORTING BUGS +You can open an issues on Gitea (https://forge.chapril.org/hardcoresushi/doby) or on GitHub (https://github.com/hardcore-sushi/doby) if you find an issue or if you have any questions/suggestions. +If you prefer, you can also email me at hardcore.sushi@disroot.org. My PGP key is available on keyservers (fingerprint: 0x007F84120107191E). + +# AUTHOR +Hardcore Sushi + +# COPYRIGHT +License GPLv3+: GNU GPL version 3 or later . This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. + +# SEE ALSO +**ccrypt**(1), **age**(1), **gocryptfs**(1), **cryfs**(1) \ No newline at end of file