X-Git-Url: http://www.git.cypherpunks.ru/?a=blobdiff_plain;f=README;h=46c7543d216e8fc006ec20445bb85735a189c933;hb=862a3d990650ddc4284437b8592be26e7b595413;hp=802056ab261b239612e146fbc06157c6dc9209d8;hpb=ae7a2efeea1aadfaf3a098e0449997f5b5840b44;p=gohpenc.git diff --git a/README b/README index 802056a..46c7543 100644 --- a/README +++ b/README @@ -1,54 +1,37 @@ Go high-performance encryption utility. gohpenc highly resembles hpenc tool (https://github.com/vstakhov/hpenc). - -Why it was written? hpenc has some problems: it does not work on aarch64 -and sparc64 architectures under FreeBSD (as seen in the port's Makefile) -and produces incompatible output (unauthenticated after 8192 blocks) -between FreeBSD and HardenedBSD systems somehow. Instead of painful -debugging I decided to write something similar on the Go language, -widening supported platforms. - -gohpenc is incompatible with hpenc and much simpler: - -* it uses only ChaCha20-Poly1305 algorithm -* no random data generation mode -* no metadata in output stream and no structure validation. Only blocks - authentication -* simpler key derivation -- new key for each block - -But it still satisfies most of hpenc aims: - -* Very simple key management -- single pre-shared key -* Parallelizeable -- each block is encrypted in different thread, so all - your CPUs could be utilized -* Very fast -- ChaCha20-Poly1305 is fast even on relatively low-end - devices like mobile devices. Despite gohpenc is written on Go, its - dependent libraries contain assembly-optimized code -* Built-in authentication and integrity check with small data overhead - -How encryption/authentication is performed: - -* First 32 bytes of the stream contains random data, called salt -* BLAKE2X is initialized: unknown length, PSK key as a MAC key. It - creates XOF that will be used as a KDF -* Salt is fed into that XOF -* All data is processed block by block -* New key is derived for each block by reading it from the XOF -* ChaCha20-Poly1305 algorithm is initialized with that key -* 32-bit big-endian value with the length of the block is outputted, - then an encrypted and authenticated block goes further, with - authenticated data containing that 32-bit length value - - /----------BLOCK-------------\ /----------BLOCK------------\ -+------+-----+------------+----------+-----+------------+----------+---- -| SALT | LEN | CIPHERTEXT | AUTH TAG | LEN | CIPHERTEXT | AUTH TAG | ... -+------+-----+------------+----------+-----+------------+----------+---- - -gohpenc preallocates memory for one block for each thread and one block -for buffered reading from stdin. If you want to process data with 1 MiB -blocks in 4 threads, then you have to have at least 5 MiBs of free -memory. Moreover you have at least 1 MiB of free memory on the -decrypting side. +hpenc solves the problem that there is no simple tool to quickly +transfer data with encryption and authentication: + +* openssl enc -- non-parallelized, no authentication +* GnuPG -- non-parallelized, complex key generation/management +* age -- non-parallelized +* OpenSSH -- non-parallelized, not very fast + +Why gohpenc was written? hpenc has some problems: it does not work on +aarch64 and sparc64 architectures under FreeBSD (as seen in the port's +Makefile) and produces incompatible output (unauthenticated after 8192 +blocks) between FreeBSD and HardenedBSD systems somehow. Instead of +painful debugging I decided to write something similar on the Go +language, widening supported platforms. But with loose of compatibility +with hpenc. + +Also hpenc won't fail if transmission was truncated (in valid block +bounds). + +It uses ChaCha20-Poly1305, parallelized AEAD encryption of blocks. + + $ key=`gohpenc -psk` + $ echo "message to be transmitted" | gohpenc -k $key > encrypted + $ gohpenc -d -k $key < encrypted + +Blocksize can be specified with -b option (in KiBs). By default it uses +1MiB blocks. By default all CPUs are used, that can be overriden with -c +option. If you have got 8 CPUs, then you require (8+1)*1MiB=9MiB of +memory for buffers allocation. + +There is random number generation mode (-r option), that just generates +random key and encrypt dummy data in the buffers. gohpenc is free software: see the file COPYING for copying conditions.