Skip to content

Antidote1911/arsenic

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

746 Commits

3rdparty

3rdparty

 
 

arscore

arscore

 
 

arsenic_gui

arsenic_gui

 
 

installer

installer

 
 

screenshots

screenshots

 
 

.appveyor.yml

.appveyor.yml

 
 

.clang-format

.clang-format

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

arsenic.pro

arsenic.pro

 
 

botan_license.txt

botan_license.txt

 
 

defaults.pri

defaults.pri

 
 

gitpush-release.sh

gitpush-release.sh

 
 

gitpush.sh

gitpush.sh

 
 

Repository files navigation

License: GPL3 Build status GitHub release

Arsenic

A simple tool to encrypt files and text with strong algorithms.
Tested with Windows 10 and all major Linux distributions. Arsenic is developed on Archlinux.

Latest Windows x64 release is here.

New in version 5:

  • Not compatible with previous versions.
  • Work with Qt6.
  • Now, the user can choose several encryption algorithms and not only the paranoid triple encryption.
  • Encryption or decryption are correctly stopped when a file is removed from the job list and the partial output file is deleted.
  • Encryption can generate unique output file name if the file exist and not only decryption like previous versions.

More screenshots at the and of this readme.

Simple Description:

Arsenic was intended as a lightweight application, that would encode a list of local files using a password. A simple text editor named "CryptoPad" can be used for send encrypted text by email. Some useful tools are included. A file Hash calculator and a password generator.

For file encryption you can choose several algorithms:

  • XChaCha20Poly1305
  • AES-256/EAX
  • AES-256/GCM
  • AES-256/SIV
  • Serpent/EAX
  • Serpent/GCM
  • Serpent/SIV.
  • Triple Encryption (XChaCha20Poly1305, AES256/EAX, Serpent/GCM)

All mode are very strong. You can choose the faster on your machine. The decryption routine automatically detect the right settings. You don't have to retain anything. CryptoPad always use triple encryption.

Note on triple encryption:
It's not proved multiple encryption is most secure. But if you are paranoid, you can use it to encrypt your files !

Technical description:

Arsenic encrypted file :

Password Derivation :
A 32 bytes (64 for SIV mode) "Masterkey" is generated by Argon2 from the user password and a 16 bytes random salt. This "Masterkey" is used to encrypt with the selected algorithm.

initialization vectors (or nonces) :
A 24 bytes initialization vector is generated by Botan random number generator. This nonce is used to encrypt with the selected algorithm and the MasterKey. Nonce is always incremented before all steps to ensure to never reuse it with the same key. It is incremented after file Name encryption, and after all encrypted chunk.

First, Arsenic encrypt the original file name and a randomized block of data. After that, the original file is encrypted chunk by chunk.

the output file is :

  • Magic number
  • Arsenic version
  • Argon memlimit
  • Argon iterations
  • Selected algorithm
  • original fileNameSize (necessary for decrypt the original name)
  • original fileSize
  • Argon salt (16 bytes)
  • iv (24 bytes)
  • encrypted FileName ( fileNameSize + randomBloc(BUFFER_SIZE) + Authentication tag)
  • encrypted chunk_1 ( BUFFER_SIZE + Authentication tag )
  • encrypted chunk_2 ( BUFFER_SIZE + Authentication tag )
  • ....etc

Arsenic triple encrypted file :

Password Derivation :
A 96 bytes "Masterkey" is generated by Argon2 from the user password and a 16 bytes random salt. This "Masterkey" is split in three 32 bytes keys for the triple encryption.

initialization vectors (or nonces) :
A 72 bytes "MasterNonce" is generated by Botan random number generator. This master nonce is split in three 24 bytes nonces for the triple encryption. This three nonces are always incremented before all steps to ensure to never reuse it with the same key. They are incremented after file Name encryption, and after all encrypted chunk.

the output file is :

  • Magic number
  • Arsenic version
  • Argon memlimit
  • Argon iterations
  • Selected algorithm (it's "Triple Encryption")
  • original fileNameSize (necessary for decrypt the original name)
  • original fileSize
  • Argon salt (16 bytes)
  • ivChaCha20 + ivAES + ivSerpent (24 bytes * 3)
  • encrypted FileName ( fileNameSize + randomBloc(BUFFER_SIZE) + Authentication tag * 3)
  • encrypted chunk_1 ( BUFFER_SIZE + Authentication tag * 3 )
  • encrypted chunk_2 ( BUFFER_SIZE + Authentication tag * 3 )
  • ....etc

Text encryption with cryptopad

  • version (4 bytes)
  • salt (16 bytes) for Argon2
  • ivChaCha20 + ivAES + ivSerpent (24 bytes * 3)
  • ciphertext
  • Authentication tag * 3

Hash calculator
Supported algorithms: SHA-3, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512-256, Skein-512, Keccak-1600, Whirlpool, Blake2b, SHAKE-128, SHAKE-256, GOST-34.11, SM3, Streebog-256, Streebog-512, RIPEMD-160, Adler32, MD4, MD5, CRC24, CRC32

Developers:

The application was primarily built around the Qt 5/6 framework. Botan is automatically downloaded by qmake, and an amalgamation build is generated (botan_all.cpp and botan_all.h). If you want to update botan, simply delete the folder 3rdparty/botan/botan, and modify the version you want in the three scripts:

  • for Windows : 3rdparty/botan/update-botan.bat
  • for unix : 3rdparty/botan/update-botan.sh
  • for mac : 3rdparty//botan/update_botan_osx.sh

Run Qmake and the new version was downloaded and amalgamation was generated.

To build the program from source, the appropriate Qt version should be installed and configured.

On linux distributions you can run this command in the extracted source archive:

  qmake
  make
  sudo make install

Arsenic work well but it need some code simplifications, code comments, orthographic corrections ,etc.
Any suggestions or help are welcome.

  • Jack Lloyd from randombit.net for the powerful Botan C++ cryptographic library. You can find the Github here.
    It is released under the permissive Simplified BSD license

  • KeepassXC for some big portions of code. Including password generator (modified for use Botan Random Number Generator) and the QSettings wrapper class.

CAUTION:

A simple tool to encrypt file is not magic. If You use an insecure system, Arsenic (and all encryption tools) are useless. Arsenic do not protect you from key-logger, disk analyze, virus, operating system cache etc...

More Screenshots:

The password generator by the KeepassXC project. modified to use Botan RNG.

License:

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see https://www.gnu.org/licenses/.

About

C++ Qt5 Application to encrypt files with strongs algorithms and calculate hash. Use Botan and Argon2 for primitives.

Topics

hashing cryptography argon2 qt5 aes-256 chacha20-poly1305 serpent botan

Resources

Readme

License

GPL-3.0, BSD-2-Clause licenses found

Licenses found

GPL-3.0
LICENSE
BSD-2-Clause
botan_license.txt
Activity

Stars

8 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases 18

v5.2 Latest
May 1, 2022
+ 17 releases

Packages

No packages published

Languages