#crypto #s3 #backblaze-b2 #aes

app crabguard

A cli tool for end-to-end encryption for s3 storage

5 releases

0.1.4 Oct 1, 2023
0.1.3 Oct 1, 2023
0.1.2 Sep 30, 2023
0.1.1 Sep 28, 2023
0.1.0 Sep 23, 2023

#637 in Cryptography

32 downloads per month

MIT license

35KB
802 lines

🦀🔒 crabguard: A cli tool for end-to-end encryption for remote and local storage

crates.io

Features

  • Encrypted upload, download and delete operations on Amazon S3 storage
  • AES-GCM symmetric encryption with random 96-bit nonce
  • Hashed filenames using sha256
  • File chuking (currently chunk size is hardcoded to 1MB)
  • Resume upload/download when interuppted

Future Work

  • Handle incomplete/corrupted files
  • Password based key derivation
  • Dynamic file chunking
  • Improve latency and performance (e.g. upload/download multiple chunks in separate connections)

Getting started

Create a .env file like so

AWS_ACCESS_KEY_ID=...
AWS_SECRET_ACCESS_KEY=...
AWS_REGION_NAME=us-west-004
AWS_ENDPOINT=s3.us-west-004.backblazeb2.com
AWS_BUCKET_NAME=testbucket

When the upload command is run a new key will be generated and stored in your .env file. It goes without saying that you should backup this key. If you lose it you can't decrypt your files or even the filenames.

Common Commands

cargo r --release -- upload ~/Downloads/23-08-11\ 11-35-15\ 3555.jpg
cargo r --release -- download 23-08-11\ 11-35-15\ 3555.jpg
cargo r --release -- delete 23-08-11\ 11-35-15\ 3555.jpg
cargo r --release -- list

Dependencies

~19–32MB
~557K SLoC