
cryptag / Cryptag

Licence: other
Encrypted, taggable, searchable cloud storage

Programming Languages

go


CrypTag

Encrypted, taggable, searchable cloud storage.

CrypTag was announced at DEF CON 23 in August of 2015. Presentation slides: https://www.slideshare.net/elimisteve/cryptag-building-encrypted-taggable-searchable-zeroknowledge-systems-59707471.

What is CrypTag?

CrypTag is an idea, a spec, an API, and a piece of software that makes it easy to build a zero-knowledge system, which means that the server holding user data doesn't know what it is (since it's encrypted).

It is meant as a primitive to be used to build more sophisticated systems that would rather not re-implement the pieces necessary to build a zero-knowledge system, but several useful command line applications have been built with it so far, namely cput (for encrypting/saving files), cget (for fetching/decrypting files), and cpass (CryptPass, a password manager).

To use a command line password manager, CryptPass, see "Getting Started with CryptPass", below.

How is it searchable and encrypted?

It's not fully searchable; you can query by tag. See slide 7 of the presentation from DEF CON 23: https://www.slideshare.net/elimisteve/cryptag-building-encrypted-taggable-searchable-zeroknowledge-systems-59707471/8

Then the server stores the tags in plaintext?

Nope! The client stores a mapping between tags ("snowden") and a random hex string ("b6a27d9"), and the server only ever sees the random strings.

(The client also encrypts these mappings and stores them to the server, too.)

Use Cases (what CrypTag is good at) + Syncing via Dropbox

I personally have virtually all data I want shared between my laptops in one Dropbox folder that CrypTag-based programs add (encrypted) data to and grab it from.

I've been using cpass to store and fetch...

  1. Passwords (cpass @elimisteve)
  2. Credit card numbers (cpass visa digits)
  3. Quotes (cpass nietzsche quote)
  4. Bookmarks, tagged like on Pinboard or Delicious (cpass url snowden)
  5. Command line commands -- cross-machine shell history! (cpass install docker)
  6. GitHub recovery codes (cpass github recoverycode)

For more on getting started, including how to safely and securely share passwords with others via a shared Dropbox folder, check out this section of the README: https://github.com/cryptag/cryptag#getting-started-with-cryptpass

It's still early days for CrypTag and CryptPass, so don't trust your life with cpass. Eventually I will have the code professionally audited for security flaws.

Getting Started with CryptPass

The current focus for CrypTag is creating a password manager out of it called CryptPass. CryptPass exists as a command line tool (cpass) you can use to store and retrieve passwords. Unencrypted passwords never touch disk; they are stored encrypted, read into memory, then printed to your terminal for you to use, with the first one found added to your clipboard.

TL;DR version

Install + config:

go get github.com/cryptag/cryptag/cmd/cpass
cpass

Create passwords, fetch them by tag, or delete them:

cpass create mytwitterp4ssw0rd twitter @myusername tag3 tag4
cpass @myusername
cpass delete twitter

Keep reading for more advanced options, including password sharing via shared Dropbox folders.

Installing cpass

Install Go (instructions), then run

go get github.com/cryptag/cryptag/cmd/cpass

That's it! Now run

cpass

cpass will generate a new encryption key to store your passwords with, as well as create the directories it will use to store your data, all in ~/.cryptag (by default).

Using cpass

Create a new password and associated tags with commands like:

cpass create mycr4zyemailp4ssw0rd gmail email [email protected]

cpass create mytwitterp4ssw0rd twitter @elimisteve

cpass create mycr4zyAWSp4ssw0rd4myj0b work aws

Fetch the password you're looking for and see them printed to the screen with commands like:

cpass gmail

cpass @elimisteve

cpass aws work

For convenience, cpass adds the first password found to your clipboard so you can paste it into whichever program you're using.

To view all your passwords, run

cpass all

And finally, to delete all passwords with certain tags, run

cpass delete aws

To only delete one specific password, not all passwords with a generic tag (e.g., "email") that you may have used to tag multiple passwords, use the password's tag of the form id:..., which is auto-generated and guaranteed to be unique:

cpass delete id:a91d46c7-45bb-48e4-43d1-642196df15b2

Multiple Storage Backends

Maybe you want to store your personal data in ~/.cryptag but have passwords you share with colleagues at ~/Dropbox/cryptag_work, for example. (With cpass this is secure because plaintext, unencrypted passwords will never touch ~/Dropbox/cryptag_work.)

Create a new backend with the desired name (e.g., "work") by running

BACKEND=work cpass

You can then change the value of DataPath at the end of ~/.cryptag/backends/work.json to wherever you want your work passwords stored (e.g., /home/MYUSERNAME/Dropbox/cryptag_work), being sure to use the absolute path.

(Dropbox note: CrypTag-based programs generally, and cpass specifically, store each piece of data (e.g., each password and each tag) in a separate file, so it is safe for multiple people to create passwords simultaneously and save them to a shared Dropbox folder, unlike with KeePass, KeePassX, 1Password, and some other password managers.)

Now you can save shared work passwords with the same commands as before, except with the BACKEND environment variable set:

BACKEND=work cpass create mycr4zyAWSp4ssw0rd4myj0b work aws

Now you should share ~/.cryptag/backends/work.json with your colleagues -- or at least the encryption key -- so that you can decrypt passwords saved by each other.

More Convenient Multiple Storage Backends

See this issue for discussion on how to make storing data in multiple places much better! I would love your input.

I currently do this:

echo 'BACKEND=work cpass "$@"' > ~/bin/work
chmod +x ~/bin/work

so I can simply do

work create mycr4zyAWSp4ssw0rd4myj0b aws

to create work passwords, or

work aws

to fetch them.

Non-use Cases (what CrypTag is not good at)

Anything that requires rapid changes being made to data by multiple users, such as:

  • Real-time collaborative document editing

    • Real-time spreadsheet editing should work OK (as long as you're OK with "last write wins" to a cell), since each cell can be its own Row that can be changed concurrently with other Rows

Any data that is "write once, read many times" is ideal for CrypTag.

Future Plans

I have big plans for CryptPass and other CrypTag-based software to help make the world's data -- passwords, everything stored "in the cloud", file backups, bookmarks and so on -- more secure.

I believe that you should be able to access your data from any of your devices, and just grab what you need, exactly like you can from the Dropbox mobile app. Or if you don't mind storing all your data on your computer, being able to use Dropbox (or anything similar) to sync all your data between all your devices without having to trust the company storing your data for you is also deeply important; we should all benefit from the convenience of cloud storage without giving up any privacy whatsoever.

So whatever feedback you may have, please please send it my way! Yes, there will be a graphical version of CryptPass usable on Windows, Mac OS X, and Linux desktops. Eventually I'd like to have mobile apps, too, of course.

I am open to all questions, comments, suggestions, insults, and whatever else you've got.

Geeky Feedback Requested

The graphical version of CryptPass (that uses Electron + React, that then talks to a local CrypTag daemon) once the command line version, cpass, is better, and once more complex storage questions are answered, which I'd appreciate feedback on from those of you who may want to store different kinds of data in different places (e.g., all passwords in a local directory, all work passwords in a shared Dropbox folder, and all backups in S3).

I'd love to create mobile versions of CryptPass, probably starting with Ubuntu Phone, because I can write it all in Go :-), and now that both Android and iOS apps can call into Go code using some new awesome mobile shit, it shouldn't be necessary to port the core CrypTag logic to another language.

Thank you! Here's to a more privacy-friendly future for all!

Cryptography Notice

This distribution includes cryptographic software. The country in which you currently reside may have restrictions on the import, possession, use, and/or re-export to another country, of encryption software. BEFORE using any encryption software, please check your country's laws, regulations and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is permitted. See http://www.wassenaar.org/ for more information.

The U.S. Government Department of Commerce, Bureau of Industry and Security (BIS), has classified this software as Export Commodity Control Number (ECCN) 5D002.C.1, which includes information security software using or performing cryptographic functions with asymmetric algorithms. The form and manner of this distribution makes it eligible for export under the License Exception ENC Technology Software Unrestricted (TSU) exception (see the BIS Export Administration Regulations, Section 740.13) for both object code and source code.
