X-Git-Url: http://www.git.cypherpunks.ru/?a=blobdiff_plain;f=README;h=d16ccebf98188a061c0e3da10448e99085ab5648;hb=c1f422272e2a54b19488ce5bdc4a14109bc2443f;hp=a307e8d7fea5aceb2c180379d8338851c12a5a8f;hpb=915a46b16cf4f61778e4b30364e299026656a60e;p=gohpenc.git diff --git a/README b/README index a307e8d..d16cceb 100644 --- a/README +++ b/README @@ -1,13 +1,19 @@ Go high-performance encryption utility. gohpenc highly resembles hpenc tool (https://github.com/vstakhov/hpenc). +hpenc solves the problem that there is no simple tool to quickly +transfer data with encryption and authentication: -Why it was written? hpenc has some problems: it does not work on aarch64 -and sparc64 architectures under FreeBSD (as seen in the port's Makefile) -and produces incompatible output (unauthenticated after 8192 blocks) -between FreeBSD and HardenedBSD systems somehow. Instead of painful -debugging I decided to write something similar on the Go language, -widening supported platforms. +* openssl enc -- uses single CPU, no authentication +* GnuPG -- complex key generation/management, relatively slow +* OpenSSH -- uses single CPU, not very fast + +Why gohpenc was written? hpenc has some problems: it does not work on +aarch64 and sparc64 architectures under FreeBSD (as seen in the port's +Makefile) and produces incompatible output (unauthenticated after 8192 +blocks) between FreeBSD and HardenedBSD systems somehow. Instead of +painful debugging I decided to write something similar on the Go +language, widening supported platforms. gohpenc is incompatible with hpenc and much simpler: 
@@ -27,9 +33,16 @@ But it still satisfies most of hpenc aims: dependent libraries contain assembly-optimized code * Built-in authentication and integrity check with small data overhead +Usage is very simple: + + $ gohpenc -psk + DTGZI5R2HS4YEDSIO56AFKPONE6KJE3Q2QETODDOH3O6UYFPROHQ + $ echo "message to be transmitted" | gohpenc -k DTGZI5R2HS4YEDSIO56AFKPONE6KJE3Q2QETODDOH3O6UYFPROHQ > encrypted + $ gohpenc -k DTGZI5R2HS4YEDSIO56AFKPONE6KJE3Q2QETODDOH3O6UYFPROHQ -d < encrypted + How encryption/authentication is performed: -* First 32 bytes of the stream contains random data, called salt +* First 32 bytes of the stream contain random data -- salt * BLAKE2X is initialized: unknown length, PSK key as a MAC key. It creates XOF that will be used as a KDF * Salt is fed into that XOF @@ -45,9 +58,10 @@ How encryption/authentication is performed: | SALT | LEN | CIPHERTEXT | AUTH TAG | LEN | CIPHERTEXT | AUTH TAG | ... +------+-----+------------+----------+-----+------------+----------+---- -gohpenc preallocates memory for one block for each thread. If you want -to process data with 1 MiB blocks in 4 threads, then you have to have at -least 4 MiBs of free memory. Moreover you have at least 1 MiB of free -memory on the decrypting side. +gohpenc preallocates memory for one block for each thread and one block +for buffered reading from stdin. If you want to process data with 1 MiB +blocks in 4 threads, then you have to have at least 5 MiBs of free +memory. Moreover you have at least 1 MiB of free memory on the +decrypting side. gohpenc is free software: see the file COPYING for copying conditions.
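Review bot: In the first hunk (@@ -1,13 +1,19 @@), the added sentence "hpenc solves the problem that there is no simple tool to quickly transfer data with encryption and authentication" and the three-item comparison list describe hpenc only. Nothing in the added lines says that gohpenc targets the same problem, so a reader of this README has to infer it from "highly resembles". Suggest one closing clause after the list stating that gohpenc has the same aim. The entries "relatively slow" and "not very fast" give no reference point; either say what they are compared against or drop the speed claims. The reworded question "Why gohpenc was written?" should read "Why was gohpenc written?".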
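Review bot: In the second hunk (@@ -27,9 +33,16 @@), the new usage example passes the PSK as a command-line argument ("gohpenc -k DTGZI5R2..." on both the encrypting and the decrypting line), and the README does not mention that a key given this way ends up in shell history and, on typical Unix systems, is visible in the process list to other local users while the command runs. Suggest adding a sentence next to the example that says so, and, if gohpenc has another way of accepting the key, using that in the example instead. The example also shows only the successful round trip; one line on what "gohpenc -d" does when a block fails authentication would make the "built-in authentication and integrity check" item above it concrete.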
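Review bot: In the third hunk (@@ -45,9 +58,10 @@), the encrypting-side figure is raised from 4 to 5 MiB to account for "one block for buffered reading from stdin", but the decrypting-side figure stays at 1 MiB even though the usage example reads the ciphertext from stdin as well ("-d < encrypted"). Please confirm whether decryption also needs the extra read buffer and adjust the number, or state why it does not. The sentence "Moreover you have at least 1 MiB of free memory on the decrypting side" is missing a verb of necessity and reads as a statement of fact; suggest "Moreover you need at least 1 MiB of free memory on the decrypting side". "5 MiBs" should be "5 MiB".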