Giter VIP home page Giter VIP logo

ion's Introduction

๐Ÿงฌ ion - AES256/GCM encrypt and share large data objects.

End to end encrypted, if you want...

Encryption is done on your computer, your data does not hit the cloud unencrypted.

No logs except errors are being collected from cmd/server -- check it.

Your data (in its ciphered form) lives for maximum 24h in a GCS bucket.

pipeline status coverage report FOSSA Status

Quick start

# macOS
brew install lfaoro/tap/ion

# linux (WIP)
curl apionic.com/ion.sh | sh

# developers
go get -u github.com/lfaoro/ion
make install
ion -h

make test

Usage

$ ion upload genesis.txt
13.09 MiB / 1.14 GiB [>-----------------------------]   1.12% 1.72 MiB/s 11m11s
Download from: https:/s.apionic.com/nERuG_genesis.txt

$ ion download nERuG_genesis.txt
290.19 MiB / 1.14 GiB [=======>---------------------]  24.83% 5.52 MiB/s 02m38s
Downloaded: genesis.txt

$ ion encrypt --key genesis.txt
๐Ÿ”‘ Encryption-key: 238dFomyjB3wEejjoSUef97Y/k1gMib6XvVS56i4Apg=
๐Ÿ”’ Encrypted /tmp/genesis.txt

$ ion decrypt --key genesis.txt
๐Ÿ”‘ Encryption-key: 238dFomyjB3wEejjoSUef97Y/k1gMib6XvVS56i4Apg=
๐Ÿ”“ Decrypted /tmp/genesis.txt

WIP beta commands

$ ion lock 
Password: **********
Locked .config/ion/key

$ ion unlock 
Password: **********
Unlocked .config/ion/key

$ ion genesis.txt
๐Ÿงฎ Unable to decrypt using your local key
๐Ÿ”‘ Decryption-key: ***********
๐Ÿ”“ Decrypted genesis.txt

$ ion up genesis.txt -to [email protected]

Sample email

Subject: You've got data!

Body: Download your data from https://s.apionic.com/lsYuh_genesis.txt

Leading encryption standard

Authenticated Encryption with Additional Authenticated Data (AEAD) couples confidentiality and integrity. Using the most popular AEAD today: AES-GCM.

The "AES-GCM" algorithm identifier is used to perform authenticated encryption and decryption using AES in Galois/Counter Mode mode, as described in NIST SP 800-38D

ref paper: https://eprint.iacr.org/2017/168.pdf

Contributing

Any help, feedback and suggestions are very welcome and greatly appreciated. Start by opening an issue.

Motivation

It's hard to find a service one can completely trust -- everybody claims they're encrypting your data, although how can you be sure?

I believe the only way trust what happens to your data is to see exactly the steps that lead to its manipulation, encryption & storage.

ion is F/OSS -- anyone can check how data is being encrypted and handled, spot eventual issues and fix insecurities.

Compliance (WIP)

Right now lsh stores the encryption keys in a key file, located in $HOME/.config/ion with 0600 permission . Ideally we'll have the keys stored in the macOS keychain -- although I don't know if there's something comparable for Linux and Windows.

To comply with regulators you might need to generate encryption keys using a Hardware Security Module aka HSM.

ion comes with a HSM plugin for GCP and AWS. These providers offer HSM as a service.

Configure the GCP/AWS environment variables in order to activate Cloud HSM; ref: https://.

In progress: #1

License

FOSSA Status

ion's People

Contributors

fossabot avatar lfaoro avatar

Stargazers

avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar

Forkers

fossabot

ion's Issues

improve: tests

Matt: https://gophers.slack.com/messages/@UJQ3HSUQL -- suggested

    fileName := "genesis.txt.encrypted"
    filePath := filepath.Join("testdata", fileName)
    data, err := ioutil.ReadFile(filePath)
    assert.Nil(t, err)

    name, err = uploadFile(fileName, data)
    assert.Nil(t, err)
}```

I would also pass in corrupt or decrypted data to make sure you test the various checks in uploadFile()

add: lock/unlock commands

use lock/unlock to encrypt/decrypt the keyfile

ncrypt lock
Password: *****
Key file locked

ncrypt genesis.txt
Unlock the key file in order to encrypt.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.