ezcrypt
An easy to use tool for strong file encryption.
A tool for strong file encryption.
Features
Easy to use
- Plain and simple encryption/decryption of any file with a passphrase.
- No cryptographic keys required (although pepper files are supported).
- Familiar CLI interface, similar to gzip.
Resistant against cryptanalytic attacks
- Strong encryption, making brute-force key attacks impractical.
- Four levels of encryption, each with a 256-bit key.
- The total effective key space is 2^1024 (for reference, the age of the universe is less than 2^79 microseconds).
- High cost key derivation function, making brute-force passphrase attacks impractical.
- Configurable cost, up to several minutes per passphrase-to-key derivation on a 5 GHz CPU core.
- Cache-hard algorithm, making GPU implementations inefficient.
- Strong salt, making precomputed rainbow table attacks impractical.
- Optional strong secret pepper for additional security.
- The decryption algorithm neither knows nor reports whether the passphrase was correct.
- Decryption always produces a result (with an incorrect passphrase the result will be garbage).
- An attacker has to inspect the decrypted message and heuristically determine if it is correct.
Portable
- Written in portable C11.
- Works on most operating systems (including Linux, macOS, Windows, FreeBSD).
- Works on most CPU architectures (including 64- and 32-bit x86, ARM, RISC-V, etc).
- Fully self-contained, without any dependencies on 3rd party cryptography libraries.
Free, open source and public domain
All code is free and unencumbered software released into the public domain, including the cryptographic algorithms.
For more information, see unlicense.org.
Installation
Prerequisites: A C compiler and CMake. For Linux targets, GTK 3 is also recommended to enable GUI dialogs (e.g. apt install libgtk-3-dev on Ubuntu).
To build:
mkdir out && cd out
cmake -DCMAKE_BUILD_TYPE=Release ../src
cmake --build .
The resulting executable file is out/ezcrypt.
To install (from the out folder):
sudo cmake --install .
Testing
To run a full build-and-test suite in a Docker environment (from the repo root):
docker-compose build
docker-compose run --rm ezcrypt-test
Example usage
The canonical help for ezcrypt can be obtained with:
$ ezcrypt --help
Encrypt a file
Encrypt the file myfile, with the passphrase provided via a terminal prompt (or a GUI prompt where available). The output file is called myfile.z (the original file is kept):
$ ezcrypt myfile
Enter passphrase:
Please repeat the passphrase:
Decrypt a file
Decrypt the file myfile.z, with the passphrase provided via a terminal prompt. The output file is called myfile (the original file is kept):
$ ezcrypt -d myfile.z
Enter passphrase:
Decrypt and print a file
Decrypt the file myfile.z to stdout, with the passphrase provided via the environment variable $SECRET:
$ ezcrypt --show -E SECRET myfile.z
Encrypt & decrypt via pipes
$ echo "Hello world!" | ezcrypt -E SECRET | ezcrypt -d -E SECRET
Hello world!
Edit an encrypted text file
Edit the plaintext contents of the encrypted file myfile.z, using the default text editor (e.g. $EDITOR or notepad.exe):
$ ezcrypt --edit myfile.z
Note: If the plaintext is not modified by the editor, myfile.z remains unmodified. This is useful if you accidentally use the wrong passphrase (you will notice right away since the plaintext will appear as garbage), in which case you can just exit the editor.
Principles
File format
Encryption is done in four layers. At each level a different cipher is used, and each level has its own encryption key and its own initialization vector (IV). The different ciphers are:
- AES, CBC, 256-bit key (outermost level)
- ChaCha, 20 rounds, 256-bit key
- Twofish, CBC, 256-bit key
- Serpent, CBC, 256-bit key (innermost level)
The salt and the IV for each encryption level are generated from system-level entropy (i.e. highly random data), and are different for each run of ezcrypt. Thus encrypting the same file twice will result in two different ciphertexts (even if the same passphrase is used).
Note that the encrypted file does not contain any header or other identification metadata. This is by design.
Key derivation
The key at each level is generated from a combination of the user supplied passphrase, an optional user supplied pepper file (hashed to 256 bits) and a per-level 256-bit salt. This is done using a compute intensive key derivation function called ZKDF.
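The following is an added Python model of the layering and key-derivation scheme described in the "File format" and "Key derivation" sections above; it is not ezcrypt's own code. It keeps the structure the README states (four levels, outermost to innermost; a fresh random salt and IV per level; each level key derived from passphrase, hashed pepper and that level's salt; no header and no authentication) but substitutes stand-ins for the real primitives: scrypt from the standard library in place of ZKDF, SHA-256 for the pepper hash, and a SHA-256 counter-mode keystream in place of AES, ChaCha, Twofish and Serpent. The per-level layout (salt, then IV, then the inner ciphertext) and the way the KDF inputs are concatenated are assumptions made for the example, not ezcrypt's actual file format.

```python
import hashlib
import os
from typing import Optional

# Levels as listed in the README, outermost first. Here they only serve as
# a count and as labels; the toy cipher below is used for every level.
LEVELS = ("AES-256-CBC", "ChaCha20", "Twofish-256-CBC", "Serpent-256-CBC")
SALT_LEN = 32   # per-level 256-bit salt (README)
IV_LEN = 16     # assumed IV size for the example
KEY_LEN = 32    # 256-bit key per level (README)


def pepper_digest(pepper: Optional[bytes]) -> bytes:
    """README: the pepper file is hashed to 256 bits. SHA-256 is an assumption."""
    return hashlib.sha256(pepper).digest() if pepper is not None else b""


def derive_level_key(passphrase: bytes, pepper_hash: bytes, salt: bytes) -> bytes:
    """Stand-in for ZKDF: scrypt with a low cost so the example runs quickly.
    Inputs are passphrase, hashed pepper and the per-level salt, as the README states."""
    return hashlib.scrypt(passphrase + pepper_hash, salt=salt, n=2**12, r=8, p=1, dklen=KEY_LEN)


def toy_keystream_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Illustrative stream cipher: SHA-256 in counter mode XORed over the data.
    This is NOT one of ezcrypt's ciphers; it only models 'key + IV -> transform'."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + iv + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt(plaintext: bytes, passphrase: bytes, pepper: Optional[bytes] = None) -> bytes:
    ph = pepper_digest(pepper)
    body = plaintext
    # Apply the innermost level first so that the outermost is applied last.
    for _level in reversed(LEVELS):
        salt = os.urandom(SALT_LEN)   # fresh system entropy per level and per run
        iv = os.urandom(IV_LEN)
        key = derive_level_key(passphrase, ph, salt)
        body = salt + iv + toy_keystream_xor(key, iv, body)
    return body   # no magic bytes, no header, no integrity tag


def decrypt(ciphertext: bytes, passphrase: bytes, pepper: Optional[bytes] = None) -> bytes:
    ph = pepper_digest(pepper)
    body = ciphertext
    # Peel the levels from the outside in.
    for _level in LEVELS:
        salt = body[:SALT_LEN]
        iv = body[SALT_LEN:SALT_LEN + IV_LEN]
        inner = body[SALT_LEN + IV_LEN:]
        key = derive_level_key(passphrase, ph, salt)
        body = toy_keystream_xor(key, iv, inner)
    # Always returns something: a wrong passphrase or pepper yields garbage, not an error.
    return body


def looks_like_text(data: bytes) -> bool:
    """The only kind of check available to anyone, user or attacker, in a
    header-less, unauthenticated format: a plausibility heuristic on the output."""
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return all(ch.isprintable() or ch in "\r\n\t" for ch in text)


if __name__ == "__main__":
    msg = b"Hello world!"          # constructed sample plaintext
    ct_a = encrypt(msg, b"correct horse")
    ct_b = encrypt(msg, b"correct horse")
    print("same input, two runs, identical ciphertext?", ct_a == ct_b)   # False: fresh salts/IVs
    print("overhead bytes:", len(ct_a) - len(msg))                      # 4 * (SALT_LEN + IV_LEN)
    good = decrypt(ct_a, b"correct horse")
    bad = decrypt(ct_a, b"wrong passphrase")
    print("right passphrase plausible?", looks_like_text(good), good)
    print("wrong passphrase plausible?", looks_like_text(bad))
```

Two properties from the README fall out directly: the same file encrypted twice gives different ciphertexts because every level draws a new salt and IV, and decryption with the wrong passphrase completes silently and returns bytes of the right length, so correctness can only be judged by inspecting the output (the `looks_like_text` heuristic here, or a human looking at the editor buffer in the `--edit` case).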
Resources
- Codeberg (main host)
- repo.or.cz (mirror)
- Mastodon
Source: Codeberg.org

