bessie
| Crates.io | bessie |
| lib.rs | bessie |
| version | 0.0.3 |
| source | src |
| created_at | 2022-01-02 17:49:27.24747 |
| updated_at | 2024-08-19 18:47:34.140572 |
| description | an authenticated, chunked cipher based on BLAKE3 |
| homepage | |
| repository | https://github.com/oconnor663/bessie |
| max_upload_size | |
| id | 506646 |
| size | 50,474 |
Jack O'Connor (oconnor663)
documentation
README
Bessie
docs.rs — crates.io lib — crates.io bin
Bessie is an authenticated, chunked cipher based on
BLAKE3. Right now it's in the early
design stages. See design.md. A high-performance
implementation of this design is blocked on some upstream refactoring of
blake3, to add SIMD optimizations to extended outputs.
Features and design goals:
- general-purpose authenticated encryption
- no practical limits on the number or size of messages
- internal random nonce generation, to prevent mistakes
- streaming encryption and decryption of large messages
- seekable decryption of large messages
- low overhead for small messages
- key commitment
Non-features and non-goals:
- Not formally/strongly misuse-resistant. Generating random nonces internally avoids a lot of common mistakes, and mixing auth tags into the stream makes nonce reuse somewhat less catastrophic. But nonce reuse does allow an attacker to mix-and-match chunks from different messages, and chunked/streaming constructions are also inherently vulnerable to nonce reuse exploits that all-at-once constructions like AES-SIV are not.
- No built-in associated data parameters. Callers who need associated data can mix it with their key using a KDF or a keyed hash.
Although the Bessie cipher and its library implementations are eventually
intended for production use, the bessie CLI tool will always be for testing
and demo purposes only. A general-purpose encryption CLI for real people needs
to support public-key encryption and various ways of encoding and managing
keys, neither of which are in scope for this project. If you are a real person
and you need a general-purpose encryption CLI, consider
age.
Usage
To install the bessie CLI tool, which is for testing and demo purposes only:
cargo install bessie_bin
Or to build and install from this repo:
cargo install --path rust/bin
To encrypt and decrypt a 1 MB file using the all-zero key (seriously, testing and demo purposes only):
head -c 1000000 /dev/urandom > myfile
bessie encrypt zero myfile myfile_enc
bessie decrypt zero myfile_enc myfile_copy
cmp myfile myfile_copy
To decrypt just the last byte of the encrypted file:
bessie decrypt zero myfile_enc myfile_last --seek=999999
To run tests for the whole project:
./test.py