azohra / lyra Goto Github PK

View Code? Open in Web Editor NEW

24.0 3.0 0.0 104 KB

A lightweight encryption tool designed for ease of use.

License: BSD 3-Clause "New" or "Revised" License

Go 96.29% Makefile 3.71%

encryption go golang authenticated-encryption passphrase-generator argon decryption privacy protect-your-privacy

lyra's Introduction

Lyra is a lightweight and fast encryption tool that makes protecting your sensitive files easy.

Features

Simple command line encryption and decryption.
- Encrypting is as easy as entering: lyra encrypt file and to decrypting is just as simple: lyra decrypt file
No need to worry about complex cipher options and configurations.
- Lyra uses a single strong time tested cipher to protect your data. Your data is encrypted with AES-256-GCM which simultaneously provides data confidentiality, authenticity and integrity (see authenticated encryption).
- Values that need to be unique and random (ex: salt) are generated via a cryptographically secure pseudo random number generator.
Strong GPU and ASIC resistant KDF being used to protect your passphrase.
- Lyra uses argon2 to make dictionary attacks and brute force guessing even harder.
Generate strong memorable passphrases via the diceware method.

Requirements (if building from source)

Go 1.9 and above
Go Dep for dependency management.

Dependencies

gware for diceware passphrase generation.
golang.org/x/crypto for argon2 and passphrase terminal.
memguard for handling keys and plaintext secrurely in memory.

Installation

Binaries

Signed binaries available for windows, linux and macOs available here.
Simply mv the binary to your $PATH

Installation from source

You can alternatively install lyra using:
- go get -d github.com/azohra/lyra
- cd $(go env GOPATH)/src/github.com/azohra/lyra && make install

Installation from Brew

Lyra can also be installed via brew:
- brew install azohra/tools/lyra

Usage

Lyra is a lightweight tool used to protect sensitive data

Usage: lyra [Command]

Commands:

	encrypt		Encipher a specified file with inputed passphrase
	decrypt		Decipher a specified file with inputed passphrase
	generate	Generate passphrase(s)
		
To get more info on commands do: lyra [Command] --help

Releases

Binaries and tags are all signed. The signing key used can be found by searching keyid 5604E4DC6DC74D9B.

lyra's People

Contributors

Stargazers

Watchers

lyra's Issues

lyra configuration

#4 Would require a configuration file to ensure ease of use. Upcoming branches specifically features/locker could benefit from a configuration file.

Specs:

Configuration format: toml
Filename: lconf.toml
Path of conf file: ~/.lyra

Unexpected panic when specifying certain files

Bug Description

Lyra panics when specifying invalid files.

Files similar to these will panic:

Empty files.
Auth params too short/long or are simply invalid such as a single char.

OS: MacOS 10.12.6
Go Version: go version go1.10 darwin/amd64
Output:

⋊> ~/g/s/g/a/lyra on dev ⨯ ./lyra decrypt aae 
Enter passphrase: 
panic: runtime error: slice bounds out of range

goroutine 1 [running]:
github.com/azohra/lyra/pkg/lfile.(*SecureLyraFile).ParseFile(0xc42008e190, 0x7fff5fbffc3f, 0x3, 0x0, 0x0)
	/Users//go/src/github.com/azohra/lyra/pkg/lfile/secure_lyra_file.go:111 +0x40a
github.com/azohra/lyra/pkg/lfile.NewParsedSLFile(0x7fff5fbffc3f, 0x3, 0xc4200160a0, 0xc420053d60, 0x1040938)
	/Users//go/src/github.com/azohra/lyra/pkg/lfile/secure_lyra_file.go:36 +0x58
main.decrypt(0x7fff5fbffc3f, 0x3, 0x0, 0x0, 0x0, 0xc4200160a0, 0x1, 0x8, 0x112d200, 0x0)
	/Users//go/src/github.com/azohra/lyra/cmd/lyra/decrypt.go:113 +0x39
main.(*decryptcmd).Run(0xc42000e3c0, 0xc42000e0e0, 0x1, 0x1, 0x0, 0x0)
	/Users//go/src/github.com/azohra/lyra/cmd/lyra/decrypt.go:96 +0xe2
main.main()
	/Users//go/src/github.com/azohra/lyra/cmd/lyra/lyra.go:110 +0x3dd

Steps to Reproduce

Create an empty file and/or a file that has an invalid auth parameter
lyra decrypt file

Secret/passphrase management

Secret management would be a great new feature for lyra as it doesn't really have any.

Goals:

Integrate hashicorp vault with lyra

Git Commit Safety Checks

Lyra allows the user to encrypt their secrets when they are being their best selves, but sometimes we forget to re encrypt before committing changes to git.

It would be awesome to have a git integration that stopes the commit of secret private assets when they are unencrypted.

Lyra can be tool the CI to fail when unencrypted secret files are pushed; but this still exposes sensitive information and makes it vulnerable. Even worse, the user must be git savvy to amend the commits in such a way as to remove the lingering commits containing the file.

It would be super cool to have Lyra install and uninstall these githooks globally and/or to the individual project with a sub command and/or when you lyra init into a git project.

terminal.ReadPassword() on windows

terminal.ReadPassord() does not work on windows. Input terminates immediately before users can type in passphrases.

39d4517#diff-055e3e2c833cd88c8c82b8fe7a1e2693R159 changes from hardcoded 0 to a variable from package syscall however the values are not the same for unix and windows. There will need to be code to handle this change.

Bug Description

OS: Windows 10
Go Version: v1.10

azohra / lyra Goto Github PK

lyra's Introduction

Features

Requirements (if building from source)

Dependencies

Installation

Binaries

Installation from source

Installation from Brew

Usage

Releases

lyra's People

Contributors

Stargazers

Watchers

lyra's Issues

Bug Description

Steps to Reproduce

Bug Description

Recommend Projects

Recommend Topics

Recommend Org