X-Git-Url: http://www.git.cypherpunks.ru/?p=gohpenc.git;a=blobdiff_plain;f=README;fp=README;h=d16ccebf98188a061c0e3da10448e99085ab5648;hp=802056ab261b239612e146fbc06157c6dc9209d8;hb=db781dbdb4806867e8e2e378ceb20cf886e8fa4c;hpb=ae7a2efeea1aadfaf3a098e0449997f5b5840b44 diff --git a/README b/README index 802056a..d16cceb 100644 --- a/README +++ b/README @@ -1,13 +1,19 @@ Go high-performance encryption utility. gohpenc highly resembles hpenc tool (https://github.com/vstakhov/hpenc). +hpenc solves the problem that there is no simple tool to quickly +transfer data with encryption and authentication: -Why it was written? hpenc has some problems: it does not work on aarch64 -and sparc64 architectures under FreeBSD (as seen in the port's Makefile) -and produces incompatible output (unauthenticated after 8192 blocks) -between FreeBSD and HardenedBSD systems somehow. Instead of painful -debugging I decided to write something similar on the Go language, -widening supported platforms. +* openssl enc -- uses single CPU, no authentication +* GnuPG -- complex key generation/management, relatively slow +* OpenSSH -- uses single CPU, not very fast + +Why gohpenc was written? hpenc has some problems: it does not work on +aarch64 and sparc64 architectures under FreeBSD (as seen in the port's +Makefile) and produces incompatible output (unauthenticated after 8192 +blocks) between FreeBSD and HardenedBSD systems somehow. Instead of +painful debugging I decided to write something similar on the Go +language, widening supported platforms. gohpenc is incompatible with hpenc and much simpler: @@ -27,9 +33,16 @@ But it still satisfies most of hpenc aims: dependent libraries contain assembly-optimized code * Built-in authentication and integrity check with small data overhead +Usage is very simple: + + $ gohpenc -psk + DTGZI5R2HS4YEDSIO56AFKPONE6KJE3Q2QETODDOH3O6UYFPROHQ + $ echo "message to be transmitted" | gohpenc -k DTGZI5R2HS4YEDSIO56AFKPONE6KJE3Q2QETODDOH3O6UYFPROHQ > encrypted + $ gohpenc -k DTGZI5R2HS4YEDSIO56AFKPONE6KJE3Q2QETODDOH3O6UYFPROHQ -d < encrypted + How encryption/authentication is performed: -* First 32 bytes of the stream contains random data, called salt +* First 32 bytes of the stream contain random data -- salt * BLAKE2X is initialized: unknown length, PSK key as a MAC key. It creates XOF that will be used as a KDF * Salt is fed into that XOF