Introduction
Open source cross-platform software for file encryption with wallet-based 2FA
We developed this software to meet the essential requirements for security and convenience in managing sensitive data. Our solution, built in Rust and functioning as a command-line interface (CLI), offers a suite of vital features aimed at preserving the confidentiality and integrity of encrypted files and folders.
Primarily, our software creates TAR archives of specified files or folders, subsequently compressing them with Gzip to optimize storage space. Following this, it encrypts the archive using the XChaCha20-Poly1305 algorithm, renowned for its robust security and performance.
What sets our solution apart is its two-factor authentication system, combining a password with the signature of an Ethereum wallet for data access. This dual authentication enhances security, akin to the approach employed by YubiKeys, but with the additional benefit of a Ledger key. This Ledger key not only streamlines financial management but also grants access to encrypted files. With the increasing popularity of secure electronic wallets like Ledger keys, offering exceptionally high levels of security, our solution becomes all-encompassing. Users can enjoy the convenience of a unified system where both their finances and sensitive data are protected using the same secure method. This not only enhances convenience and efficiency but also ensures an optimal level of security.
This system ensures that data remains inaccessible to individuals without both the password and the associated Ethereum wallet, significantly enhancing data security.
Furthermore, our software boasts several technical advantages. With a compact size of only 6.5 MB, it is lightweight and easily distributable. Thanks to Rust, it is also swift and resilient, guaranteeing optimal performance across all major operating systems, including Windows, macOS, and Linux.
In summary, our software offers a comprehensive and secure solution for archiving, compressing, and encrypting sensitive data, leveraging the latest advancements in electronic wallet security. With its lightweight, fast, and robust interface, our solution provides a seamless user experience across all major operating systems.
Encryption
Owner Verification
Recover the public key from a given ECDSA (Elliptic Curve Digital Signature Algorithm) signature and check if match with given public key (hashed first 32 bytes secp256k1).
Archive & Compression
First, a temporary file is created at the location specified by the input file or directory with "name_temp" extention. Then, the content of the file or directory is compressed using the GZip compression algorithm. To achieve this, the data is added to a Tar archive, and then this archive is compressed with GZip.
Encryption
This encryption begins by generating a nonce from the provided password and a key from the provided signature. It then initializes an AEAD (Authenticated Encryption with Associated Data) cipher with the XChaCha20-Poly1305 algorithm, using the generated key and nonce. This ensures the confidentiality and integrity of the data being encrypted. Subsequently, it reads the content of the temporary file "name_temp" in blocks of 4096 bytes, encrypts them with the AEAD cipher, and writes the encrypted blocks to the "name.waba" output file.
Decryption
Owner Verification
Recover the public key from a given ECDSA (Elliptic Curve Digital Signature Algorithm) signature and check if match with given public key (hashed first 32 bytes secp256k1).
Decryption
The decryption process starts by generating a nonce from the provided password and a key from the provided signature. It then initializes an AEAD (Authenticated Encryption with Associated Data) cipher with the XChaCha20-Poly1305 algorithm, using the generated key and nonce. This ensures the confidentiality and integrity of the data being decrypted. Subsequently, it reads the content of the encrypted file in blocks of 4112 bytes (4096 bytes + 16 bytes authentication tag), decrypts them with the AEAD cipher, and writes the decrypted blocks to the output temporary file "name_temp".
Unarchive & Decompression
The content of the temporary file "name_temp" is decompressed using the GZip decompression algorithm. After, the data is extracted from uncrompressed Tar archive, and then write to output directory name.