EStash
An open source, cross-platform, programmed in rust, encrypted digital vault (store files and text) with the capability to set a path and
with the click of a button to copy the content to that file. For example store your ssh keys safely, put your vault in like your github dotfiles,
download it on another machine and easily install those keys.
Report Bug
|
Request Feature
Table of Contents
-
About The Project
-
Getting Started
-
Usage
- Road Map
- Contributing
- License
- Contact
About The Project
- An open source, programmed in rust, encrypted digital vault (store files and text) with the capability to set a path and
with the click of a button to copy the content to that file. For example store your ssh keys safely, put your vault in like your github dotfiles,
download it on another machine and easily install those keys.
- The vault is encrypted using a key derived from your password (the strength of your password decides the safetyness of your vault) using argon2id
and that key is used to encrypt the private key. The encryption algorithm used is an ECIES, combines X25519 Diffie-Hellman function and XChaCha20Poly1305. (I used an ECIES for future proof reasons as there are no security downsides)
- The way this works is by hashing your vault name with blake3. The password doesn't get stored, but a key derived from your password of 32 bytes length using argon2id gets generated with some very strong options and with this key the private encryption key for the vault (from the ECIES) get's encrypted. You get logged into a vault if the private key is decrypted sucessfully and the vault name is present basically. And all the content inside a vault is encrypted using the key-pair for that vault, basically nothing gets leaked.
Video showcase
https://user-images.githubusercontent.com/59087558/206248579-a786b277-b0fc-4306-be50-9db1c948e901.mp4
Built with
The stock libraries and these awesome 3rd party ones:
-
BLAKE3 hash function, much faster then sha2 and more secure.
-
rust-argon2 for deriving the encryption key from the password.
-
rand random number generators and other randomness functionality.
-
rand_hc HC128 random number generator.
-
zeroize securely clear secrets from memory with a simple trait.
-
crypto_box ECIES that combines X25519 Diffie-Hellman function and XChaCha20Poly1305.
-
chacha20poly1305 simple, fast and strong AEAD encryption algorithm.
-
sled lightweight high-performance pure-rust transactional embedded database.
-
Serde a generic serialization/deserialization framework.
-
serde_json a JSON serialization file format.
-
FLTK rust bindings for the FLTK GUI library.
-
dirs a tiny low-level library that provides platform-specific standard locations.
Getting Started
Running The Program
Windows
Portable EXE
- Go to the Releases Tab and download the estash-windows.exe file (might have to click show all).
- Double click the exe you just downloaded and there you go the program works.
- Might wanna take a look at the Usage Tab if you don't understand something about it.
Installer
- Go to the Releases Tab and download the estash-windows-installer.exe files (might have to click show all).
- Double click the installer and go through the it as you would with any other installer.
- If you look now in the start menu (or on the desktop if you ticked create desktop shortcut) you are gonna see a shortcut for estash, just run it like any other program.
- Might wanna take a look at the Usage Tab if you don't understand something about it.
Linux
Portable Bin
- Go to the Releases Tab and download the estash-linux file.
- Double click the bin you just downloaded and there you go the program works.
- Might wanna take a look at the Usage Tab if you don't understand something about it.
AppImage
- Go to the Releases Tab and download the estash-linux.AppImage file.
- Double click the AppImage you download and there you go the program just works. You may want to install AppImageLauncher if you don't have it already, when you start the AppImage you'll get a prompt asking if you want to integrate and run it and if you do so it will appear just as if you installed it.
- Might wanna take a look at the Usage Tab if you don't understand something about it.
AUR
The PKGs are: estash (for stable), estash-bin (for precompiled) and estash-git (to compile latest source code)
a. if you have an AUR manager (like paru or yay, which you should)
- Just like with any other AUR pkg choose your prefered type and you can run the following command for example.
paru -Sy estash
- Search for estash in your app launcher and launch it.
- Might wanna take a look at the Usage Tab if you don't understand something about it.
b. Manually cloning and building it from AUR
- First install the basic build dependencies, if you don't already have them:
sudo pacman -Sy gcc base-devel --needed
- Then clone the build script
git clone https://aur.archlinux.org/estash.git # or estash-bin & estash-git
- Cd into the new cloned repository and run the following to build the package
makepkg
- In order to install the package run the following (where * is just an any other characters place holder)
sudo pacman -U estash-*.pkg.tar.zst
Nix File
You are using NixOS, don't worry I got you bro.
- Go to the Releases Tab and download the estash-linux.nix file.
- If you use flakes then put it in your pkgs folder, and up-top add your tag (like my). If you don't just add the code in your default.nix file and install it this way.
- Might wanna take a look at the Usage Tab if you don't understand something about it.
Deb File
You should use the app image. This does not provide a desktop file, you'll have to run it from the command line. It's here just as another means if needed. I will try to make a ppa.
- Go to the Releases Tab and download the estash-linux.deb file.
- Open a terminal in the folder where your download is and run the following command:
sudo dpkg -i estash-linux.deb
- Run estash in the terminal and there it is, the app.
- Might wanna take a look at the Usage Tab if you don't understand something about it.
Arch Pkg File
You shouldn't use this method, install the estash-bin AUR pkg instead. This is here just as another means if needed.
- Go to the Releases Tab and download the estash-linux.pkg.tar.zst file.
- From you Arch Linux command line run the following command:
sudo pacman -U estash-linux.pkg.tar.zst
- Search for estash in your app launcher and launch it.
- Might wanna take a look at the Usage Tab if you don't understand something about it.
MacOS
Portable binary
- Go to the Releases Tab and download the estash-macos file.
- Double click the bin you just downloaded and there you go the program works.
- Might wanna take a look at the Usage Tab if you don't understand something about it.
App Folder
Very simillar to portable binary, only real difference is this has an icon.
- Go to the Releases Tab and download the estash-macos-app.tar.gz file.
- Use your archive manager or run in the terminal the following command:
tar -xzf estash-macos-app.tar.gz
- Double clikc the app folder you just downloaded and there you go the program works.
- Might wanna take a look at the Usage Tab if you don't understand something about it.
DMG Installer
Works just like any other dmg installer you've used.
- Go to the Releases Tab and download the estash-macos-installer.dmg file.
- Double click to run the dmg.
- Drag the app folder over the Applications folder.
- Done, you've just installed the app, should see it in launchpad now.
- Might wanna take a look at the Usage Tab if you don't understand something about it.
Homebrew
Note this method doesn't come with a desktop entry. You'll have to run the estash command or just create a shortcut yourself, it's really easy.
- You will need to have homebrew installed, if you don't have it installed run the following command:
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
- You'll need to add my tap repo, run the following command for that:
brew tap Obscurely/tap
- Install the pkg.
brew install estash
- Might wanna take a look at the Usage Tab if you don't understand something about it.
All Platforms
This method will work across any Linux distribution, Windows 10/11 and macOS (Big Sur+ tested).
- Install rust, either using the official rustup installer or any pkg manager you may use. (There is also a shell.nix file in the repo if you use nix)
- Run the following command in your terminal of choice:
cargo install estash
- Make sure you have .cargo/bin in path, for linux and macOS you would need to add the following line in your terminal RC file (e.g $HOME/.zshrc)
export PATH=$HOME/.cargo/bin:$PATH # This is for Linux & macOS, look below for Windows.
On windows it should work automatically (restart if just installed), if not you can follow this guide for how to add something to path. The cargo bin folder will be {your-user-folder}\.cargo\bin
-
You may want to create a symlink on Linux & macOS or create a shortcut if you are on Windows to the bin file for easy access.
-
In order to update run the install command again, and you can now follow usage for more information on how to use it.
Compilation
This program only uses cross platform libraries. The following steps require that you have rust installed, check their official installation page or use any pkg manager you may want. (There is also a shell.nix file in the repo if you use nix).
- Clone this repo on your PC, you can use "git clone", if you have git installed, like this:
git clone https://github.com/Obscurely/estash.git
Otherwise in the right up side of the repo page you will see a download button, download the repo as zip and extract it in a folder
- Open a new terminal/cmd window in the folder you extracted the repo in, if you can't right click on the folder and open it there do:
cd the/path
and you will get there.
- From there run this compile command in the terminal:
cargo build --release
It will take a bit depending on your system because of executable size optimizations, but be patient.
- Done, navigate to target/release and grab only the "estash" file from there.
Usage
In the provided video it's presented everything you should know on how to use EStash. I also think the UI is intuitive enough, but I obviously can't have an unbiased opinion or a first look experience, so here you go.
Basics
Login
- First click on signup. The first field is the name of the vault, the second field is the password, and the third one is to verify the password. After inputting you desired credentials (note you can also make a vault with nothing as the vault name and password) click Singup and wait.
- After the vault has been created in left up corner you will se a back arrow, click that.
- Now that we are in the main menu click on Login. The first field is the name of the vault and the second one is the password. After inputting your credentials hit Login.
The Vault
- Add an entry by adding some text in the left down corner box and hitting the plus sign besides it.
- Get the content of an entry by clicking on its name in the tree
- Hit the plus/minus sign besides the install path box if you want to enable/disable the install path. The install path is checked if it's working on you current operating system.
- The Check button besides the install path box checks if the path is valid on your current operating system.
- The Content box represents what you would want to store, you can write anything utf-8 here, if it's not the UI will not let you do it so you don't have to worry about this.
- The Clear Content button simply clears anything in the content box.
- The Select File button let's you select a file from you system, any file, using the native file selecter or the one packaged with FLTK if none is found, and import all of its content inside the contents box. If the file is too big or is not in utf-8 format (for example it's a photo) the content box will be disabled and a message will you up and the file will automatically be stored in the entry.
- The Notes box has no real effect on the functionallity, if you want to add anything extra just write it there.
- The Delete button deletes the entry without question
- The Install button takes the contents of the content box even if you've modified it and not saved it and tries installing it to the desired install path if the install path is enabled.
- The Save button will simply save the entry, encrypted, to the db.
Advanced
- Change the install path or add one without saving the entry, you may want this as an one time use.
- Change the content without saving the entry and installing that to a file.
Road Map
To be added.
Contributing
Edit a file you want, do a pull request, I will look at it and if the change makes sense and is a good one I will accept it and that's it.
License
Is under GPL-3.0 so stick to the license conditions and have fun :)
Contact
Either post an issue in the Issues Tab or contact me at this email adddress if you have more to say: obscurely.social@protonmail.com