Utility for encrypting folders with AES-256 GCM and Scrypt. A fork of my crypt command.
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
lib
vendor
.gitmodules
.travis.yml
LICENSE.md
README.md
cryptdir-folder.png
main.go

README.md

Travis CI Go report card

cryptdir

Utility for managing folders containing files encrypted with AES-256 GCM and Scrypt.

Install

Make sure that Go is installed and your PATH includes GOBIN. Then run the following:

$ git clone --recursive https://github.com/evantbyrne/cryptdir.git $GOPATH"/src/github.com/evantbyrne/cryptdir"
$ go install github.com/evantbyrne/cryptdir

Note: The $ at the beginning of newlines in this document represents the bash shell prompt, and is not a part of the actual commands. Likewise, cryptdir> represents an unlocked shell prompt.

Usage

$ cryptdir
usage: cryptdir [<flags>] <command> [<args> ...]

Utility for managing folders containing files encrypted with AES-256 GCM and
Scrypt.

Flags:
  --help  Show context-sensitive help (also try --help-long and --help-man).

Commands:
  help [<command>...]
    Show help.

  ls [<flags>]
    List encrypted files.

  read <read_name>
    Read encrypted file.

  unlock
    Unlock encrypted directory.

  write <write_name>
    Write encrypted file.

Open a new shell with the encrypted folder unlocked:

$ cd path/to/my/folder
$ cryptdir unlock
Password:
cryptdir>

Read and write encrypted files from an unlocked shell, lock shell by exiting:

cryptdir> cryptdir read hello.txt
File not found.
cryptdir> echo "Hello, world" | cryptdir write hello.txt
cryptdir> cryptdir read hello.txt
Hello, world
cryptdir> exit
exit
$ cryptdir read hello.txt
2017/02/05 13:42:27 The encrypted directory is locked. Please run `cryptdir unlock` to unlock.

Listing encrypted files from an unlocked shell:

cryptdir> cryptdir ls
foo.txt
hello.txt
zebra.png
cryptdir> cryptdir ls -ms
ZzvBpUZDpXVJmbLi foo.txt
nUyWajppDtwLrLxj hello.txt
xShsSwNrGNmnFyeC zebra.png

Encrypted data format

Each file is encrypted in the following format, with a random salt and nonce generated per file:

+----------------+---------------------+-------------------+-------------------+
| 4 byte version | 12 byte scrypt salt | 12 byte gcm nonce | encrypted data... |
+----------------+---------------------+-------------------+-------------------+

Here is an example of what the contents of an encrypted folder might look like:

Example encrypted folder

The raw file names are randomly generated 250 character strings. The .cryptdir file contains an encrypted mapping of human-readable filenames to the randomly named ones used on a filesystem level.