Merge branch 'release/0.7.0'
koga73 committed Feb 3, 2023
2 parents c6e0dc2 + 120a72a commit fd8e3a1
Showing 9 changed files with 189 additions and 150 deletions.
5 changes: 4 additions & 1 deletion .gitignore
Expand Up @@ -101,4 +101,7 @@ typings/
.dynamodb/

# TernJS port file
.tern-port
.tern-port

# build
build/
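Review bot: The new `build/` pattern at the end of .gitignore has no leading slash, so it ignores every directory named build at any depth, not only the top-level output directory. If only the root build output is meant, write `/build/`. The README in this commit previously told users to take executables from the build directory, so also confirm that nothing under build/ is still tracked, because an ignore rule does not untrack files that are already in the index.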
88 changes: 61 additions & 27 deletions README.md
Expand Up @@ -7,32 +7,21 @@ A secure archiver intended to store crypto keys and seed phrases

## Install with NodeJS

If you use NodeJS you can install the npm package for command line use
If you use NodeJS you can install the npm package for command line use:

```
npm install incypher --global
```

## Pre-built Binaries
---

## Install pre-built binaries

Don't know what NodeJS is? You can use the pre-built binaries instead!
<br/>
Download the executables from the ```build``` directory and use them from the command line

## Build

If you prefer you can build the binaries yourself
Download the executables from the [latest release](https://github.com/koga73/incypher/releases)

- Install [NodeJS](https://nodejs.org/en/)

Then ```cd``` to this directory and run the following commands

```
npm install
npm run build
```

Binaries will be output to the ```build``` directory
---

## Usage
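Review bot: The rewritten "Install pre-built binaries" section sends users to the latest release for executables but gives them no way to check what they downloaded. For a tool the hunk header describes as storing crypto keys and seed phrases, publish SHA-256 checksums or signatures with each release and document the verification step next to the download link. Since the build instructions are removed from this spot, a pointer to the Build section would also help readers who prefer not to trust a binary.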

Expand Down Expand Up @@ -98,18 +87,63 @@ incypher erase ./ravencoin.txt
incypher nuke
```

### Notes
- You can optionally you can drag-and-drop file(s) on the executable to import them directly
##### Edit config

```
incypher config
```

---

## Cloud sync

Incypher supports syncing your encrypted keystore to the cloud making it easy to use across multiple platforms!
<br/>
<br/>
The config contains commands to ```init```, ```upload``` and ```download``` using *rclone* by default. We recommend using *rclone* as it can connect to many different cloud providers as well as virtual backends that can add additional encryption, chunking and compression.

### Enabling cloud sync

Follow the steps below to enable cloud sync:

1. Install and configure [rclone](https://rclone.org)
1. Add ```rclone``` to your ```PATH```
1. Run ```incypher config``` to edit the config file
1. Update ```sync```.```enabled```: to ```true```

Optionally you can customize the ```init```, ```upload``` and ```download``` commands in the config file to suit your needs.

---

## Build

If you prefer you can build the binaries yourself:

1. Install [NodeJS](https://nodejs.org/en/)
1. ```cd``` to the code directory
1. ```npm install```
1. ```npm run build```

Binaries will be output to the ```build``` directory

---

## Encryption Details

Incypher creates an archive and encrypts the data using [AES-256](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard)-[GCM](https://en.wikipedia.org/wiki/Galois/Counter_Mode) as follows
Incypher creates an archive then encrypts the data using [AES-256](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard)-[GCM](https://en.wikipedia.org/wiki/Galois/Counter_Mode) as follows

1. A 12-byte initial IV (Initialization Vector) is generated via a cryptographically secure random bytes generator and is written to the file header
2. A 32-bit currentIncrement value starts at random (0-65535) and increments once each time we encrypt and is written to the file header
3. A deterministic IV is constructed via the starting IV, a fixed value and the currentIncrement value
4. The deterministic IV function follows NIST SP-800-38D: 8.2.1 Deterministic Construction
5. This ensures that we do not reuse the same IV and it cannot be predicted per AES-GCM specifications
6. A 16-byte random salt is generated via a cryptographically secure random bytes generator and is written to the file header
7. The random salt is then combined with the user passphrase and hashed via scrypt to generate the 256-bit encryption key
8. Encryption takes place using AES-256-GCM and the resulting GCM integrity tag is appended to the end of the ciphertext
1. A 32-bit currentIncrement value starts at random (0-65535) and increments once each time we encrypt and is written to the file header
1. A deterministic IV is constructed via the starting IV, a fixed value and the currentIncrement value
1. The deterministic IV function follows NIST SP-800-38D: 8.2.1 Deterministic Construction
1. This ensures that we do not reuse the same IV and it cannot be predicted per AES-GCM specifications
1. A 16-byte random salt is generated via a cryptographically secure random bytes generator and is written to the file header
1. The random salt is then combined with the user passphrase and hashed via scrypt to generate the 256-bit encryption key
1. Encryption takes place using AES-256-GCM and the resulting GCM integrity tag is appended to the end of the ciphertext

---

## Notes
- You can override the default config directory location by creating an environment variable called ```INCYPHER_HOME```
- You can optionally drag-and-drop file(s) on the executable to import them directly
- You can disable encryption by passing an empty passphrase (not recommended). With encryption disabled you can open the store.incypher file with your favorite zip archiver
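Review bot: The last Notes bullet says an empty passphrase disables encryption and leaves store.incypher readable by any zip archiver, while the new "Cloud sync" section promises to sync "your encrypted keystore"; nothing here says what happens when both apply, so a user could upload a plaintext archive of keys. State in the Cloud sync section whether sync is refused or warned about when encryption is disabled, or document the risk there explicitly. Separately, in "Encryption Details" the currentIncrement is called a 32-bit value but its starting range is given as 0-65535, which is 16 bits, and the same list calls the IV both "deterministic" and one that "cannot be predicted"; say which width is written to the header and reword the claim to the property the construction actually relies on. Minor: step 4 of "Enabling cloud sync" has a stray colon after `enabled`.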
