Modern, secure, and easy to use file encryption.
Kestrel is a data-at-rest file encryption program. Think PGP, but less unwieldy.
Kestrel makes it easy to encrypt files for yourself or friends. All you need is their public key.
```
cargo install kestrel-cli
```
Patches welcome. Please send feedback and bug reports for any issues that you may have.
Apache 2.0
```
USAGE:
    kestrel encrypt FILE -t NAME -f NAME [-o FILE] [-k KEYRING]
    kestrel decrypt FILE -t NAME [-o FILE] [-k KEYRING]
    kestrel key generate
    kestrel key change-pass PRIVATE-KEY
    kestrel key extract-pub PRIVATE-KEY
    kestrel password encrypt|decrypt FILE [-o FILE]

    Aliases enc, dec, pass, and gen can be used as encrypt, decrypt,
    password, and generate respectively.
    Option -k is required unless KESTREL_KEYRING env var is set.

OPTIONS:
    -t, --to        Recipient key name. Decrypt requires a private key.
    -f, --from      Sender key name. Must be a private key.
    -o, --output    Output file name.
    -k, --keyring   Location of a keyring file.
    -h, --help      Print help information.
    -v, --version   Print version information.
```
The core of Kestrel is a Noise Protocol handshake that is used to encrypt a fresh 32-byte payload key. The handshake uses the X one-way pattern with X25519, ChaCha20-Poly1305, and SHA-256.
The file is split into chunks, and each chunk is encrypted and authenticated with ChaCha20-Poly1305 using the payload key.
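The following Python example is added here to show what per-chunk authentication buys a reader of the file: reordered, modified or truncated chunks are rejected. It is not Kestrel's code or its file format; it uses the `cryptography` package, and the chunk size, counter-based nonce and last-chunk flag are assumptions made for the example.

```python
import os
import struct

from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305

CHUNK_SIZE = 64 * 1024  # assumed chunk size, not taken from Kestrel's format


def _nonce(index):
    # 96-bit nonce built from the chunk counter; unique because the key is fresh per file
    return struct.pack("<IQ", 0, index)


def encrypt_chunks(payload_key, plaintext, chunk_size=CHUNK_SIZE):
    aead = ChaCha20Poly1305(payload_key)
    pieces = [plaintext[i:i + chunk_size]
              for i in range(0, len(plaintext), chunk_size)] or [b""]
    chunks = []
    for index, piece in enumerate(pieces):
        last = b"\x01" if index == len(pieces) - 1 else b"\x00"
        # The last-chunk flag travels in the clear but is authenticated as associated data
        chunks.append(last + aead.encrypt(_nonce(index), piece, last))
    return chunks


def decrypt_chunks(payload_key, chunks):
    aead = ChaCha20Poly1305(payload_key)
    plaintext = bytearray()
    saw_last = False
    for index, chunk in enumerate(chunks):
        if saw_last:
            raise ValueError("data found after the final chunk")
        last, body = chunk[:1], chunk[1:]
        # A moved chunk, a flipped flag or modified bytes all fail here with InvalidTag
        plaintext += aead.decrypt(_nonce(index), body, last)
        saw_last = last == b"\x01"
    if not saw_last:
        raise ValueError("truncated input: final chunk missing")
    return bytes(plaintext)


if __name__ == "__main__":
    key = os.urandom(32)  # stands in for the 32-byte payload key
    sealed = encrypt_chunks(key, b"constructed sample data " * 8, chunk_size=64)
    print(len(sealed), "chunks,", len(decrypt_chunks(key, sealed)), "bytes recovered")
```

Binding the chunk position into the nonce and the end marker into the associated data is what turns a set of individually valid chunks into one authenticated stream.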
Password-based encryption can also be used: instead of public keys, a key is derived from a password using scrypt.
To the best of my knowledge, Kestrel is secure. However, this software has not yet undergone a formal security audit. Swim at your own risk.