encrypt and decrypt small files using OpenSSH keys
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.


sshbox: encrypt and decrypt files using OpenSSH keys.

sshbox is a utility to encrypt and decrypt files using OpenSSH keys. The
files may be PEM-encoded (ASCII-armoured) or DER-encoded (a binary
format). Public keys may be fetched over HTTP(S); however, private keys
must be local. sshbox uses cryptobox[1] as the underlying cryptographic
system. It uses the sshkey[2] package to load the keys.

The utility is designed for encryption smaller files (under 128M), as the
file is read into memory.

Password-protected keys are now supported, as are both ECDSA and RSA keys.

Usage: sshbox [-ade] [-k key] source target
        -a=false: ASCII armour the box
        -d=false: decrypt file
        -e=false: encrypt file
        -k="": SSH key file
        -s="": SSH private key for signing
        -v="": SSH public for signature verification

    $ go get github.com/gokyle/sshbox
    $ go install github.com/gokyle/sshbox

Signature support is standing by, but uses RSASSA-PSS, which is not
present as of Go 1.1.1, but it is in tip. Due to the fact that most
users are not likely to be running tip, I've decided to wait to add
this in until later.  Once RSASSA-PSS support hits a distribution,
I will merge this into master.

sshbox is released under the ISC license. See the LICENSE file for the full
test of the license.

[1] http://cryptobox.tyrfingr.is/
[2] https://github.com/gokyle/sshkey/