Our great sponsors
-
age
A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
enc
🔑🔒 A modern and friendly CLI alternative to GnuPG: generate and download keys, encrypt, decrypt, and sign text and files, and more.
I don't know enc, but you can do this with age [0]
Encrypt: `age -p secrets.txt > secrets.txt.age`
Decrypt: `age -d secrets.txt.age > secrets.txt`
It asks for a password in both operations.
[0] https://github.com/FiloSottile/age
Yes, you are right on that. If the server is compromised a malicious user may change the client-side code to add a backdoor and steal your private key when you unlock it. He'll be able to steal only the keys that are unlocked while the backdoor stays undetected (not all the data).
The ideal way to resolve that would be to change the service to an API and offer binaries with a correct signature so the user can check and make sure that they get the correct thing. Actually I tried writing the client binaries using electron (https://github.com/spapas/etsd/tree/master/client) but didn't have the time for that :(
You are rigth though, I've added a Risks section to warn for that thingie https://github.com/spapas/etsd/blob/master/README.md#risks
I wish more of these alternate CLIs could act as wrappers for GPG. I would be happy to use enc if it just called GPG cli commands (or gpg agent*) underneath to do it's tasks.
I know it's a boring to do wrappers, but I can't imagine using something that doesn't support GPG agent and YubiKeys / Smart cards. That infrastructures is why I think GnuPG is so much ahead of it's competition like Filippo Valsorda's age.
* I have an example how to use GPG-agent decrypt and sign things, it's almost voodoo, because there is no instructions how to do it anywhere. I had to read the GnuPG's C code to understand how to do those: https://github.com/Ciantic/gpg-ed25519-to-cv25519/blob/maste...