brxken128/dexios

Dexios - What is it?

Security Notices section of the Documentation

Dexios is a fast, secure, and open source command-line encryption tool. It's written entirely in Rust and prioritises security, performance and convenience the most. It uses modern cryptographic AEADs (XChaCha20-Poly1305, AES-256-GCM, and Deoxys-II-256), with audited backends to ensure the safety and integrity of your data. It's extremely easy to use Dexios before uploading your files to a cloud service, to ensure that no prying eyes can read them.

For notes on Deoxys-II, please see the Security Notices section of the Documentation.

You can install Dexios through cargo, with:

cargo install dexios

Or you can download a pre-compiled binary from the releases page!

This repo also contains the Dexios-Core library - it's used by Dexios itself for managing headers and cryptographic functions. This allows us to keep them isolated, and ensure that security-critical pieces of code remain maintainable.

You may view more information about Dexios and Dexios-Core in their respective folders. You can also view the documentation for the technical info!

Donating

If you like my work, and want to help support the project, feel free to donate! This is not necessary by any means, so please don't feel obliged to do so.

XMR: 84zSGS18aHtT3CZjZUnnWpCsz1wmA5f65G6BXisbrvAiH7PxZpP8GorbdjAQYRtfeiANZywwUPjZcHu8eXJeWdafJQFK46G
BTC: bc1q8x0r7khrfj40qd0zr5xv3t9nl92rz2387pu48u
ETH: 0x9630f95F11dFa8703b71DbF746E5c83A31A3F2DD
Issues

Collection of the latest Issues

Kispisti

Kispisti

bug
Comment Icon10

Maybe i missed something or what ,but....:

c:\Users\karbantartokac\Desktop\z>dex encrypt --auto 1.dat 1.enc -960996e0m Your generated passphrase is: September ←[36mℹ←[0m Using XChaCha20-Poly1305 for encryption ←[36mℹ←[0m Encrypting 1.dat (this may take a while) ←[32m✔←[0m Successfully hashed your key [took 2.96s] ←[32m✔←[0m Encryption successful! File saved as 1.enc [took 0.60s]

c:\Users\karbantartokac\Desktop\z>dex decrypt 1.enc 1.kii Password: September ←[36mℹ←[0m Using XChaCha20-Poly1305 for decryption ←[36mℹ←[0m Decrypting 1.enc (this may take a while) ←[32m✔←[0m Successfully hashed your key [took 2.85s] Error: Unable to decrypt your master key (maybe you supplied the wrong key?)

Am i do something wrong ?!

brxken128

brxken128

enhancement
Comment Icon0

For longer tasks, especially on slower machines, it would be ideal to have a progress indicator/progress bar to let the user know that things are still happening.

I think the indicatif crate will work just fine, and it should probably be feature-gated in the core library behind a visual feature. This will prevent pulling in unnecessary dependencies if the core library is used elsewhere and doesn't require this functionality.

This was mentioned in #94.

brxken128

brxken128

enhancement
Comment Icon0

This was mentioned in #100.

I think files such as cli.rs and main.rs would look exponentially nicer, and they would be easier to manage if we used the clap derive API.

We re-use a lot of arguments and it would just make the process a lot simpler, in theory.

pleshevskiy

pleshevskiy

bug
Comment Icon5

Describe the bug I want to pack my directory and Dexios doesn't erase the temporary file on failure.

To Reproduce Preface: You have data directory with some files.

Option 1:

  • Run dexios pack -py data data.enc
  • Dexios will ask you for your user password, but press Ctrl+C (or Cmd-C on Mac)

Option 2:

  • Run dexios pack -pyk not_exist.txt data data.enc
  • Dexios cannot find keyfile and will show error.

Expected behavior Dexios doesn't pack my folder and doesn't create the temporary file (or erase it after fail).

Actual behavior Dexios doesn't pack my folder but creates the temporary file data.enc.xxxxxx

Screenshots

Desktop (please complete the following information):

  • OS: Ubuntu
  • Version: 20.04.4
brxken128

brxken128

enhancement
Comment Icon0

I think a good starting point would be to add:

  • English
  • Russian
  • French

(as a minimum)

This will be a very large task, and will require a lot of re-writing and translating.

I have a bit of knowledge regarding both Russian and French, but my translations likely will not be 100% accurate.

carkar99

carkar99

enhancement
Comment Icon1

Hi, would you consider adding support for reading data from stdin and write the encrypted stream to stdout (and vice versa). Would come in handy in pipeline jobs.

Greetings

Kispisti

Kispisti

enhancement
Comment Icon8

Hi !

At first ,thanks for Dexios ! It is a cool ,great job.

    • Well ,it would be nice to integrate it into Explorer/context menu in Win (at least when decrypt) ,but i cant do it. An option is missing to tell Dexios to open a browser window for target folder designation. Can you do it ? Is it a viable idea ?
    • ZSTD : I hope its not too late ,but a customizable compression setting/level would be nice ,too.
    • Two weeks ago you rejected to add SERPENT into cascade mode. But now i please you again to reconsider it. Not for a permanent cascade mode ,just an additional option to use ,just like in P__oC___t. (It has no CLI ,drag and drop based ,i dont use it. Unconvenient for me)

All the best for you!

brxken128

brxken128

enhancement
Comment Icon1

I think 8 keyslots (the same as LUKS) is a suitable number. It provides a good balance between extreme header size, and flexibility for the user.

Each key = 48 bytes (as of v8.7.0), but we could easily add support for balloon AND argon with a byte identifier. I understand that some people will prefer argon2id over blake3-balloon, so adding the option won't be a bad idea.

Each key could now be prefixed with DK (dexios key), and then an identifier (A3 or B4 for argon-param v3 and balloon-param v4 respectively)

e.g. [DK, A2] would signify it's a key hashed with argon2id, param version 2.

[DK, 00] should be used to specify if the keyslot is disabled or not.

Versions

Find the latest versions by id

v8.7.0 - Jun 21, 2022

What's Changed

SHA256 Checksums - Please compare with the hash from this Github action

Full Changelog: https://github.com/brxken128/dexios/compare/v8.6.2...v8.7.0

v8.6.2 - Jun 11, 2022

This update fixes some quirks with pack mode on Windows.

The zip crate was treating the backslash characters in paths as a weird symbol, so the patch replaces \ with / within those paths. This has no adverse effects from my testing, and all works as intended now.

WalkDir was also implemented for pack mode, and I plan to implement this for erase/directory mode in the near future. It seems to work much better than the file indexer I created, as it handles the root paths in a more appropriate manner.

What's Changed

SHA256 Checksums - Please compare with the hash from this Github action

Full Changelog: https://github.com/brxken128/dexios/compare/v8.6.0...v8.6.2

v8.6.0 - Jun 09, 2022

What's Changed

SHA256 Checksums - Please compare with the hash from this Github action

Full Changelog: https://github.com/brxken128/dexios/compare/v8.5.0...v8.6.0

v8.5.0 - Jun 09, 2022

What's Changed

SHA256 Checksums - Please compare with the hash from this Github action

Full Changelog: https://github.com/brxken128/dexios/compare/v8.4.0...v8.5.0

v8.4.0 - Jun 02, 2022

What's Changed

  • Remove Pack/Unpack modes by @brxken128 in https://github.com/brxken128/dexios/pull/28
    • This helps prevent some potential vulnerabilities (such as zip-slipping). As we support more OSes, these become increasingly harder to protect against
  • V3 Headers and AAD by @brxken128 in https://github.com/brxken128/dexios/pull/29
  • Argon2id parameters have been hardened marginally
  • Headers are now authenticated with AAD, and not HMAC
  • The codebase has been cleaned up heavily
  • The attack surface has been reduced
  • Add a warning when users decrypt a file using an older header version, and recommend that they re-encrypt at their earliest convenience

SHA256 Checksums - Please compare with the hash from this Github action

Full Changelog: https://github.com/brxken128/dexios/compare/v8.3.0...v8.4.0

v8.3.0 - May 31, 2022

What's Changed

  • Bumped header version up to 2
  • Hardened argon2id parameters considerably (m = 512, t = 8, p = 4)
  • Windows is now supported (mostly)
  • SHA3-512 HMAC sign and verify the headers using the spare 16 bytes we had available
  • Fix paris output where newlines would not be added (this involved removing all of the "loading..." features)
  • Remove compression altogether from pack modes

SHA256 Checksums - Please compare with the hash from this Github action

v8.2.0 - May 29, 2022

What's Changed

Full Changelog: https://github.com/brxken128/dexios/compare/v8.1.1...v8.2.0

Checksums - Please compare with the hash from this Github action

v8.1.1 - May 28, 2022

What's Changed

  • Subcommand, struct, enum refactoring by @brxken128 in https://github.com/brxken128/dexios/pull/22
  • Fixed FreeBSD compilation issues
  • Fix a potential zip slip vulnerability in unpack mode
  • The malformed files are now automatically deleted if there's an error during stream encryption/decryption modes

Full Changelog: https://github.com/brxken128/dexios/compare/v8.1.0...v8.1.1

Checksums - Please compare with the hash from this Github action

v8.1.0 - May 27, 2022

What's Changed

v8.0.0

New Contributors

Full Changelog: https://github.com/brxken128/dexios/compare/v7.4.9...v8.1.0

Checksums - Please compare with the hash from this Github action

v7.4.9 - May 21, 2022

What's Changed

Please note: XChaCha20-Poly1305 is now the default cipher. AES-256-GCM will still be fully supported, and you can choose to use AES-256-GCM with the -g switch. This switch will be needed to decrypt your previously-encrypted files - I apologise for the inconvenience.

Checksums - Please compare with the hash from this Github action

Full Changelog: https://github.com/brxken128/dexios/compare/v6.3.5...v7.4.9

v6.3.5 - May 13, 2022

There has been a lot of improvements in the past few versions.

What's Changed

  • Remove serde, serde_json and base64 by @brxken128 in https://github.com/brxken128/dexios/pull/1
  • Stream Encryption by @brxken128 in https://github.com/brxken128/dexios/pull/2
  • Massive performance improvements since v4.0.0
  • Changed SHA3-512 to BLAKE3
  • Uses argon2id
  • Has the ability to encrypt/decrypt files in streaming mode, rather than loading it all into memory
  • File sizes have gone down immensely due to dropping base64
  • Support for the DEXIOS_KEY environment variable

Information - Updated Sep 06, 2022

Stars: 123
Forks: 10
Issues: 7

Repositories & Extras

rabe is a rust library implementing several Attribute Based Encryption (ABE) schemes using a modified...

rabe is a rust library implementing several Attribute Based Encryption (ABE) schemes using a modified version of the bn library of zcash (type-3 pairing /...

rabe is a rust library implementing several Attribute Based Encryption (ABE) schemes using a modified...

Cloaker is a rust based file encryption library

A cross platform way to encrypt files using strong crypto

Cloaker is a rust based file encryption library

Elliptic Curve Integrated Encryption Scheme for secp256k1 in Rust, based on pure Rust implementation of...

Elliptic Curve Integrated Encryption Scheme for secp256k1 in Rust, based on eciespy

Elliptic Curve Integrated Encryption Scheme for secp256k1 in Rust, based on pure Rust implementation of...

Efficient pure-Rust library for the Paillier partially homomorphic encryption scheme, offering also packed encoding for...

Efficient pure-Rust library for the RAMP and Snips who implemented the KZen networks who contributed with implementations of many zero-knowledge proofs

Efficient pure-Rust library for the Paillier partially homomorphic encryption scheme, offering also packed encoding for...

Pure Rust implementation of the lightweight Authenticated Encryption and Associated Data (AEAD) Ascon-128 and

Pure Rust implementation of the lightweight Authenticated Encryption and Associated Data (AEAD)

Pure Rust implementation of the lightweight Authenticated Encryption and Associated Data (AEAD) Ascon-128 and

Rust Encryption/Decryption Library

Every algorithm is designed from scratch, so I cannot guarantee anything

Rust Encryption/Decryption Library

Public key authenticated encryption in Rust

This is an example implementation of public key authenticated encryption (PKAE)

Public key authenticated encryption in Rust

A minimalistic encryption protocol for rust async streams / packets, based on noise protocol and...

A minimalistic encryption protocol for rust async streams / packets, based on snow

A minimalistic encryption protocol for rust async streams / packets, based on noise protocol and...

Rust implementation for the Crypt4GH encryption format

In the Linux (x86_64-unknown-linux-gnu)

Rust implementation for the Crypt4GH encryption format

Modular password-based encryption for Rust

pwbox crate provides utilities for password-based encryption together with

Modular password-based encryption for Rust

This crate has not been security reviewed yet, use at your own risk

(ece crate is a Rust implementation of Message Encryption for Web Push

This crate has not been security reviewed yet, use at your own risk

Pure Rust implementation of the lightweight Authenticated Encryption and Associated Data (AEAD) scheme ISAP

Pure Rust implementation of the lightweight Authenticated Encryption and Associated Data (AEAD) scheme

Pure Rust implementation of the lightweight Authenticated Encryption and Associated Data (AEAD) scheme ISAP
Facebook Instagram Twitter GitHub Dribbble
Privacy