README
ΒΆ
Effuse - AES-256 File Encryption Utility
Effuse is a robust command-line utility designed for secure file encryption and decryption, leveraging the industry-standard AES-256 algorithm. It offers a flexible and highly secure method to protect your sensitive data, allowing you to choose between a strong password or a PEM key for cryptographic operations. With features like per-file salting, PBKDF2 key derivation, and secure deletion of original files, Effuse ensures that your information remains confidential and protected against unauthorized access.
β¨ Features
- AES-256 Encryption: Strong encryption to keep your files secure.
- Password or PEM Key: Choose between a password or a PEM key for encryption.
- Per-File Salt: A random salt is generated for each file when using a password, enhancing security.
- PBKDF2: Uses PBKDF2 to derive the encryption key from a password.
- File Type Detection: Automatically detects the file type and restores it upon decryption.
- Key Generation: Generate a PEM key from a source file for added entropy.
- Secure Deletion: The original file is securely removed after encryption/decryption.
π¦ Installation
Download Binary (Recommended)
You can download the pre-compiled binaries for your OS based on architecture from the Release page.
- Unzip the downloaded file.
- Move the binary to a directory in your system
PATH.
Build from Source
Prerequisites
- Go: Ensure you have Go installed on your machine. You can download and install it from go.dev/doc/install.
Steps:
- Clone the repository:
git clone https://github.com/Arshit01/Effuse.git cd Effuse - Build the binary using the provided script (handles dependencies automatically):
This will create binaries in the./build.shdistdirectory, organized by architecture and OS (e.g.,dist/amd64/linux/effuse).
π― Usage
Effuse uses a subcommand-based approach.
effuse [command] [flags] [files...]
π Encrypt a File
- With Password
./effuse encrypt <file-to-encrypt> - With PEM Key
./effuse encrypt <file-to-encrypt> --key <path-to-pem-key>
π Decrypt a File
- With Password
./effuse decrypt <file-to-decrypt.eff> - With PEM Key
./effuse decrypt <file-to-decrypt.eff> --key <path-to-pem-key>
ποΈ Generate a PEM Key
- From Source File
./effuse genkey <source-file>The source file acts as entropy. This creates
key.pemin the current directory.
π Get File Info
- View Metadata
./effuse info <file.eff>
ποΈ File Header Format
The encrypted file has a custom header to store encryption metadata.
- MAGIC (6 bytes):
EFFUSE - VERSION (2 bytes):
v1 - ITER (4 bytes BE): PBKDF2 iterations (uint32)
- SALT_LEN (1 byte): length of salt (uint8)
- SALT (salt_len bytes)
- IV (16 bytes)
- CIPHERTEXT (rest)
π Key Derivation
The encryption key is derived from a password using PBKDF2-HMAC-SHA256. A random salt and a random number of iterations are used for each encryption.
π PEM Key Generation
A PEM key can be generated using the genkey command. This uses a source file as entropy to generate a 4096-bit RSA key. The key is saved to key.pem in the current directory.
π License
This project is licensed under the AGPL-3.0-only license.
See the LICENSE file for details.
Directories