hatter/tiny-encrypt-rs
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
219 Commits 1 Branch 0 Tags
2c2f623df4e67ee125678fa13f6752310f0a9151
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Hatter Jiang 2c2f623df4 feat: add auto select key ids
2023-12-10 14:08:02 +08:00
src
feat: add auto select key ids
2023-12-10 14:08:02 +08:00
swift-lib
feat: udpate swift lib
2023-12-09 15:16:25 +08:00
swift-rs
feat: rm unused files
2023-12-09 19:04:56 +08:00
.gitignore
feat: secure enclave is on going
2023-12-09 11:43:21 +08:00
build.rs
feat: secure enclave is on going
2023-12-09 11:43:21 +08:00
Cargo.lock
feat: v1.4.4, support config environment
2023-12-10 13:01:10 +08:00
Cargo.toml
feat: v1.4.4, support config environment
2023-12-10 13:01:10 +08:00
justfile
feat: v1.4.2, add latest user agent in meta
2023-12-10 10:49:02 +08:00
LICENSE
Initial commit
2022-04-23 11:37:24 +08:00
README.md
feat: v1.4.0, support PIV RSA key
2023-12-10 09:58:08 +08:00
USAGE.md
feat: add usage
2023-10-02 09:14:50 +08:00

README.md

tiny-encrypt-rs

IMPORTANT: To use tiny-encrypt, a Yubikey(https://www.yubico.com/products/) is required, the key MUST support PIV or OpenPGP.

Tiny encrypt for Rust

Specification: Tiny Encrypt Spec V1.1

Tiny encrypt rs is a Rust implementation of Tiny encrypt java https://git.hatter.ink/hatter/tiny-encrypt-java
Tiny encrypt spec see: https://github.com/OpenWebStandard/tiny-encrypt-format-spec

Repository address: https://git.hatter.ink/hatter/tiny-encrypt-rs mirror https://github.com/jht5945/tiny-encrypt-rs

Set default encryption algorithm:

export TINY_ENCRYPT_DEFAULT_ALGORITHM='AES' # or CHACHA20

Compile only encrypt:

cargo build --release --no-default-features

Edit encrypted file:

tiny-encrypt decrypt --edit-file sample.txt.tinyenc

Read environment EDITOR or SECURE_EDITOR to edit file, SECURE_EDITOR write encrypted file to temp file.

Secure editor command format:

$SECURE_EDITOR <temp-file-name> "aes-256-gcm" <temp-key-hex> <temp-nonce-hex>

Encrypt config ~/.tinyencrypt/config-rs.json:

{
  "envelops": [
    {
      "type": "pgp",
      "kid": "KID-1",
      "desc": "this is key 001",
      "publicPart": "----- BEGIN PUBLIC KEY ..."
    },
    {
      "type": "ecdh",
      "kid": "KID-2",
      "desc": "this is key 002",
      "publicPart": "04..."
    }
  ],
  "profiles": {
    "default": [
      "KID-1",
      "KID-2"
    ],
    "l2,leve2": [
      "KID-2"
    ]
  }
}

Supported PKI encryption types:

Type Algorithm Description
pgp-rsa PKCS1-v1.5 OpenPGP Encryption Key (Previous pgp)
pgp-x25519 ECDH(X25519) OpenPGP Encryption Key
static-x25519 ECDH(X25519) Key Stored in KeyChain
piv-p256 ECDH(secp256r1) PIV Slot (Previous ecdh)
piv-p384 ECDH(secp384r1) PIV Slot (Previous ecdh-p384)
key-p256 ECDH(secp256r1) Key Stored in Secure Enclave
piv-rsa PKCS1-v1.5 PIV Slot

Smart Card(Yubikey) protected ECDH Encryption description:

┌───────────────────┐                     ┌───────────────────────────┐
│Tiny Encrypt       │                     │Smart Card (Yubikey)       │
│                   │  Get Public Key(P)  │                           │
│                   │ ◄───────────────────┤ Private Key(d)            │
│                   │                     │ P = dG                    │
│                   │ Temp Private Key(k) │                           │
└───────────────────┘ Q = kG              └───────────────────────────┘

                      Shared Secret = kP = kdG

                      Store Q, Encrypt using derived key from Shared Secret


                      Send Q to Smart Card
                      ───────────────────►
                                          Shared Secret = dQ = kdG

                               Decrypt using derived key from restored Shared Secret
Reference in New Issue View Git Blame Copy Permalink
Description
Tiny encrypt for Rust
aeschacha20ecdhopenpgppivsecure-enclavetinyencryptx25519yubikey
Readme MIT 4.6 MiB
Languages
Rust 99.7%
Just 0.3%