#crypto #s3 #backblaze-b2 #aes

app crabguard

A cli tool for end-to-end encryption for s3 storage

5 releases

0.1.4 Oct 1, 2023
0.1.3 Oct 1, 2023
0.1.2 Sep 30, 2023
0.1.1 Sep 28, 2023
0.1.0 Sep 23, 2023

#637 in Cryptography

32 downloads per month

MIT license

802 lines

🦀🔒 crabguard: A cli tool for end-to-end encryption for remote and local storage



  • Encrypted upload, download and delete operations on Amazon S3 storage
  • AES-GCM symmetric encryption with random 96-bit nonce
  • Hashed filenames using sha256
  • File chuking (currently chunk size is hardcoded to 1MB)
  • Resume upload/download when interuppted

Future Work

  • Handle incomplete/corrupted files
  • Password based key derivation
  • Dynamic file chunking
  • Improve latency and performance (e.g. upload/download multiple chunks in separate connections)

Getting started

Create a .env file like so


When the upload command is run a new key will be generated and stored in your .env file. It goes without saying that you should backup this key. If you lose it you can't decrypt your files or even the filenames.

Common Commands

cargo r --release -- upload ~/Downloads/23-08-11\ 11-35-15\ 3555.jpg
cargo r --release -- download 23-08-11\ 11-35-15\ 3555.jpg
cargo r --release -- delete 23-08-11\ 11-35-15\ 3555.jpg
cargo r --release -- list


~557K SLoC