-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathchest.1
More file actions
68 lines (67 loc) · 2.5 KB
/
chest.1
File metadata and controls
68 lines (67 loc) · 2.5 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
.\" Manpage for chest.
.\" Contact esselfe16@gmail.com to correct errors or typos or open a pull request on Github.
.TH man 1 "3 December 2025" "0.3.5" "chest man page"
.SH NAME
chest \- Encrypt or decrypt a file.
.SH SYNOPSIS
chest [befhpSsV] FILENAME
.SH DESCRIPTION
The chest program can be used to encrypt and decrypt files using a password
hash (SHA512 with fixed length or SHAKE256 with variable length) hopping
algorithm. Note that the encrypted output may be vulnerable to hash database
cracking due to its simplicity. Just give a filename as argument and it should
detect, according to the presence of the .chest extension, whether to encrypt
or decrypt. Neither the password or the hash are stored in the output file,
the hash is generated at runtime after the user has been asked for a password.
.SH OPTIONS
.TP
-h, --help
Show a usage help message and exit.
.TP
-b, --base NUM
Specify the base size that will be multiplied with factor. This defaults
to 1024 bytes.
.TP
-e, --extension ".ext"
Specify the chest file extension for encrypted file.
.TP
-f, --factor NUM
Specify the hash length multiplier. This defaults to 1024.
.TP
-p, --password-file FILENAME
Specify in which file to take data as password.
.TP
-S, --shake256-full-size
Automatically use a shake256 hash length of the same size as the input file.
.TP
-s, --shake256
Use the SHAKE256 hash function with variable hash size instead of the
fixed size of SHA512. Works with the -b and -f options. If those are
unspecified, a base and factor of 1024 will be used, giving 1MiB hash to
crypt with.
.TP
-V, --version
Show the program version and exit.
.SH EXAMPLES
.TP
chest -e ".crypt" -p ~/.secret-pass backups-241012.tar.xz
Encrypt an archive using a password file, to a file ending in .crypt
.TP
chest -s -b 4000 -f 1000 secret.txt
Encrypt a file using a 4MB hash.
.TP
chest .htpasswd.chest
Decrypt a chest file by asking for a password
.SH BUGS
The C version and the Go versions should give the same results, but differ
from the encrypted output from the Python and Rust versions when used with
a password file ending with a newline character.
.SH NOTES
Disclaimer: There is no warranty that the encrypted output file is not
crackable! Normally you shouldn't store critical data with this encryption.
See the LICENSE file for full disclosure.
As a strategy you can remove the .chest extension and reencrypt again
to reduce chances of bruteforce attacks, since there's not really a way to
tell if the first pass gives correct results.
.SH AUTHOR
Stephane Fontaine (esselfe16@gmail.com)