Our great sponsors
-
rage
A simple, secure and modern file encryption tool (and Rust library) with small explicit keys, no config options, and UNIX-style composability.
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
I'd generally look at anything like this as a code smell. If you're looking for simple file encryption in Rust, and you'd consider doing something as bespoke as this, just use `rage` (and its `age` crate). As a bonus, you get interop with Go (the reference implementation of age is in Go).
https://github.com/str4d/rage
Having said this, I want to put a word in for a design change I think all of these tools should consider: don't accept user-provided passphrases by default. Instead, generate passphrases for the user, with a wordlist and entropy target.
Encrypting programs can still accept a (bad) passphrase with an option! But it shouldn't be the default behavior.
Related posts
- rage: A simple, secure and modern encryption tool (and Rust library) with small explicit keys, no config options, and UNIX-style composability.
- Tiny backup/encryption tool for CLI usage.
- "gpg: all values passed to '--default-key' ignored"?
- Dexios - a secure and open source command-line file encryption utility
- File encryption