-Usage is very simple:
-
- $ gohpenc -psk
- DTGZI5R2HS4YEDSIO56AFKPONE6KJE3Q2QETODDOH3O6UYFPROHQ
- $ echo "message to be transmitted" | gohpenc -k DTGZI5R2HS4YEDSIO56AFKPONE6KJE3Q2QETODDOH3O6UYFPROHQ > encrypted
- $ gohpenc -k DTGZI5R2HS4YEDSIO56AFKPONE6KJE3Q2QETODDOH3O6UYFPROHQ -d < encrypted
-
-How encryption/authentication is performed:
-
-* First 16 bytes of the stream contain random data -- nonce salt
-* XChaCha20-Poly1305 algorithm is initialized with the key and 24-byte
- nonce, where 16 bytes is the salt, and 8 bytes is 64-bit unsigned
- big-endian block number
-* 32-bit big-endian value with the length of the block is outputted,
- then an encrypted and authenticated block goes further, with
- authenticated data containing that 32-bit length value
-
- /----------BLOCK-------------\ /----------BLOCK------------\
-+------+-----+------------+----------+-----+------------+----------+----
-| SALT | LEN | CIPHERTEXT | AUTH TAG | LEN | CIPHERTEXT | AUTH TAG | ...
-+------+-----+------------+----------+-----+------------+----------+----
-
-gohpenc preallocates memory for one block for each thread and one block
-for buffered reading from stdin. If you want to process data with 1 MiB
-blocks in 4 threads, then you have to have at least 5 MiBs of free
-memory. Moreover you have at least 1 MiB of free memory on the
-decrypting side.