bessie

Crates.iobessie
lib.rsbessie
version0.1.0
created_at2022-01-02 17:49:27.24747+00
updated_at2025-02-04 00:36:28.807918+00
descriptionan authenticated, chunked cipher based on BLAKE3
homepage
repositoryhttps://github.com/oconnor663/bessie
max_upload_size
id506646
size60,593
Jack O'Connor (oconnor663)

documentation

https://docs.rs/bessie

README

Bessie

docs.rscrates.io libcrates.io bin

Bessie is an authenticated, chunked cipher based on BLAKE3. The design has been stable for a while, but it hasn't been audited or used in the real world as far as I know. Use with caution.

Features and design goals:

  • general-purpose authenticated encryption
  • no practical limits on the number or size of messages
  • internal random nonce generation, to prevent mistakes
  • streaming encryption and decryption of large messages
  • seekable decryption of large messages
  • low overhead for small messages
  • key commitment

Non-features and non-goals:

  • Not formally/strongly misuse-resistant. Generating random nonces internally avoids a lot of common mistakes, and mixing auth tags into the stream makes nonce reuse somewhat less catastrophic. But nonce reuse does allow an attacker to mix-and-match chunks from different messages, and chunked/streaming constructions are also inherently vulnerable to nonce reuse exploits that all-at-once constructions like AES-SIV are not.
  • No built-in associated data parameters. Callers who need associated data can mix it with their key using a KDF or a keyed hash.

Although the Bessie cipher and its library implementations are eventually intended for production use, the bessie CLI tool will always be for testing and demo purposes only. A general-purpose encryption CLI for real people needs to support public-key encryption and various ways of encoding and managing keys, neither of which are in scope for this project. If you are a real person and you need a general-purpose encryption CLI, consider age.

Usage

To install the bessie CLI tool, which is for testing and demo purposes only:

cargo install bessie_bin

Or to build and install from this repo:

cargo install --path rust/bin

To encrypt and decrypt a 1 MB file using the all-zero key (seriously, testing and demo purposes only):

head -c 1000000 /dev/urandom > myfile
bessie encrypt zero myfile myfile_enc
bessie decrypt zero myfile_enc myfile_copy
cmp myfile myfile_copy

To decrypt just the last byte of the encrypted file:

bessie decrypt zero myfile_enc myfile_last --seek=999999

To run tests for the whole project:

./test.py
Commit count: 59

cargo fmt