Ss is a tool and library to perform passphrase-based or PKI-based file and stream encryption. It is built using:
-
Streamlined NTRU Prime 4591^761 Cryptosystem (for PKI and shared key exchange)
-
ChaCha20-Poly1305 (for Authenticated Encryption with Associated Data of encrypted messages and secret key files)
-
Argon2id (for passphrase-based key derivation)
To use the PKI features, first generate your default keys with ss keygen.
Be sure to backup the created keys. Secret keys are always encrypted with your
passphrase, and provided a sufficiently-strong passphrase was used, are safe to
backup with untrusted parties.
Files and streams can be encrypted for yourself with ss encrypt. By default,
stdin is read and encrypted to stdout. Use the -in and -out flags, or use
shell redirection, to deal with file input/output.
Encryption for another party is configured by specifying their identity name or
their pubkey file with the -i parameter. Using identity names requires their
key to be recorded at ~/.ss/$them.public.
Decryption is performed using ss decrypt. Like encrypt, this operation
consumes stdin and writes to stdout by default, and the same flags are used to
change this behavior.
Passphrase encryption operates similarly to PKI encryption, but does not require any keyfiles. Instead, messages are encrypted with a key derived through a passphrase.
Passphrase encryption is performed with ss encrypt -passphrase. Decrypting
this output does not require any additional options.
$ go install github.com/jrick/ss@latest
Super Sekrit.
Or something else. I don't care. Use your imagination.
I never want to use GPG again.
Ss has not reached stability of any kind. Decryption may require a build built at the exact version used to encrypt a message.
Lattice-based cryptography is young and not widely understood. Use at your own risk.
This project is free software released under the permissive Blue Oak Model License 1.0.0. All contributions must share this license.