Plausibly deniable data encryption for the paranoid.
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

The source-code for dissident has been removed pending a rewrite.

Dissident (beta)

Plausibly deniable file-encryption for the masses.

Plausible deniability is defined as a condition in which a subject can safely and believably deny knowledge of any particular truth that may exist so as to shield the subject from any responsibility associated with the knowledge of such truth. We think that's a beautiful idea, and so, that is what Dissident gives you.

This is the reference implementation for the dissident deniable storage protocol.

Protocol Features

  • Authenticity — the adversary is unable to craft some valid entry or modify an existing entry such that the result is also valid.
  • Integrity — the adversary is unable to remove some valid entry without us realising that the data is incomplete.
  • Confidentiality — the adversary is unable to ascertain any plaintext data without knowledge of both the master password and the identifier.
  • Homogeneity — the adversary is unable to distinguish between valid entries and decoy entries.
  • Deniability — the adversary is not able to prove that any existing entries are not decoys.
  • Flexibility — if the adversary has knowledge of exactly one of either the master password or the identifier, these security guarantees still apply (provided that the other is reasonably strong).

Full definitions of these properties, with provided security proofs in the context of a defined threat model, is pending publication when ready.


Although we do recommend using a release, the simplest way to install dissident is to go get it:

$ go get

If you would prefer a signed release that you can verify and manually compile yourself, download and extract the latest release. Then go ahead and run:

$ go install -v ./

The latest release is guaranteed to be cryptographically signed with my most recent PGP key. To import it directly into GPG, run:

$ curl | gpg --import

Responsible disclosure

If you are aware of a security bug, notifying us privately is in the interest of all users. We can then discuss it post-mortem. To do this, please send a PGP encrypted message to my email.