Ss is a tool and library to perform passphrase-based or PKI-based file and stream encryption. It is built using:
* Streamlined NTRU Prime 4591^761 Cryptosystem (for PKI and shared key exchange)
* ChaCha20-Poly1305 (for Authenticated Encryption with Associated Data of encrypted messages and secret key files)
* Argon2id (for passphrase-based key derivation)
To use the PKI features, first generate your default keys with
Be sure to back up the created keys. Secret keys are always encrypted with your
passphrase, and provided a sufficiently strong passphrase was used, are safe to
back up with untrusted parties.
Files and streams can be encrypted for yourself with ss encrypt. By default,
stdin is read and encrypted to stdout. Use the -out flags, or use shell
redirection, to deal with file input/output.
Encryption for another party is configured by specifying their identity name or
their pubkey file with the -i parameter. Using identity names requires their
key to be recorded at
Decryption is performed using ss decrypt. Like encrypt, this operation
consumes stdin and writes to stdout by default, and the same flags are used to
change this behavior.
Passphrase encryption operates similarly to PKI encryption, but does not require any keyfiles. Instead, messages are encrypted with a key derived through a passphrase.
Passphrase encryption is performed with ss encrypt -passphrase. Decrypting
this output does not require any additional options.
$ go install github.com/jrick/ss
What does Ss stand for?
Or something else. I don't care. Use your imagination.
Why make this?
I never want to use GPG again.
Ss has not reached stability of any kind. Decryption may require a build built at the exact version used to encrypt a message.
Lattice-based cryptography is young and not widely understood. Use at your own risk.
This project is free software released under the permissive Blue Oak Model License 1.0.0. All contributions must share this license.