I know there are many encryption tools but I wanted to write my own because of two reason:
1) I hate the way GNUPG and other manage private keys: they are in fact stored on your pc, encrypted with another password, while this is probably useful for storing lot of passwords on your pc, it doubles the security risk because you not only have to worry about protecting your data files, but you also have to protect your password files (what is not there cannot be broken, as engineers like to say)
2) I read the recent Snowden's revelations about the NSA cracking and spying everything here and there, while I doubt they can really break OpenSSL's AES, I thought that it was not so difficult to make their life harder
Here is a short description of the tool:
It uses OpenSSL-SHA256 algorithm to generate a 256 bit key from an alphanumeric ASCII password, which is passed to OpenSSL-AES256, it uses cipher-block-chaining (CBC) with ciphertext stealing to encrypt files longer than 16 bytes.
The cipher text is then passed to another (custom) encryption algorithm, which basically works similar to AES, dividing the original file in 16-bytes blocks, then reading the key byte by byte:
-for every byte k(i) in the key it takes the n-th byte p(n) in the plain text block, where n = b%16 (modulus in C)
-it makes p(i)= p(i)^k(i) and p(n)= ~p(n)
-it swaps p(i) and p(n)
while this second encryption algorithm may not be as safe as AES-256 which is way more complicated, i think that the combination of the two makes you reach a level of security that could be defined as 'paranoid'. In addition while AES is a well known and studied encryption algorithm, the second part is only known by the people who have read this post, and I doubt any of them will be willing to waste his time trying to crack it. Anyway the software comes with source code, so that if you want to modify the algorithm, you are free to do it.. (the two functions you would have to modify are swap_byte_enc and swap_byte_dec in waes.cpp)
the performance penalty compared to pure AES encryption is around 10%, it does not support multithreading even if it would be possible, because it is already quite fast and it is intended for small files (the original idea was because I wanted to store on my hard drive my Paypal password), if you want to encrypt your whole hard drive go for TrueCrypt that can do on-the-fly encryption and decryption
please, let me know if you are interested or if you think it deserves to stay in the AUR..
]]>