mirror of
https://github.com/LCTT/TranslateProject.git
synced 2025-01-07 22:11:09 +08:00
283 lines
11 KiB
Markdown
283 lines
11 KiB
Markdown
|
Toplip – A Very Strong File Encryption And Decryption CLI Utility
|
|||
|
======
|
|||
|
There are numerous file encryption tools available on the market to protect
|
|||
|
your files. We have already reviewed some encryption tools such as
|
|||
|
[**Cryptomater**][1], [**Cryptkeeper**][2], [**CryptGo**][3], [**Cryptr**][4],
|
|||
|
[**Tomb**][5], and [**GnuPG**][6] etc. Today, we will be discussing yet
|
|||
|
another file encryption and decryption command line utility named **"
|
|||
|
Toplip"**. It is a free and open source encryption utility that uses a very
|
|||
|
strong encryption method called **[AES256][7]** , along with an **XTS-AES**
|
|||
|
design to safeguard your confidential data. Also, it uses [**Scrypt**][8], a
|
|||
|
password-based key derivation function, to protect your passphrases against
|
|||
|
brute-force attacks.
|
|||
|
|
|||
|
### Prominent features
|
|||
|
|
|||
|
Compared to other file encryption tools, toplip ships with the following
|
|||
|
unique and prominent features.
|
|||
|
|
|||
|
* Very strong XTS-AES256 based encryption method.
|
|||
|
* Plausible deniability.
|
|||
|
* Encrypt files inside images (PNG/JPG).
|
|||
|
* Multiple passphrase protection.
|
|||
|
* Simplified brute force recovery protection.
|
|||
|
* No identifiable output markers.
|
|||
|
* Open source/GPLv3.
|
|||
|
|
|||
|
### Installing Toplip
|
|||
|
|
|||
|
There is no installation required. Toplip is a standalone executable binary
|
|||
|
file. All you have to do is download the latest toplip from the [**official
|
|||
|
products page**][9] and make it as executable. To do so, just run:
|
|||
|
|
|||
|
```
|
|||
|
chmod +x toplip
|
|||
|
```
|
|||
|
|
|||
|
### Usage
|
|||
|
|
|||
|
If you run toplip without any arguments, you will see the help section.
|
|||
|
|
|||
|
```
|
|||
|
./toplip
|
|||
|
```
|
|||
|
|
|||
|
[![][10]][11]
|
|||
|
|
|||
|
Allow me to show you some examples.
|
|||
|
|
|||
|
For the purpose of this guide, I have created two files namely **file1** and
|
|||
|
**file2**. Also, I have an image file which we need it to hide the files
|
|||
|
inside it. And finally, I have **toplip** executable binary file. I have kept
|
|||
|
them all in a directory called **test**.
|
|||
|
|
|||
|
[![][12]][13]
|
|||
|
|
|||
|
**Encrypt/decrypt a single file**
|
|||
|
|
|||
|
Now, let us encrypt **file1**. To do so, run:
|
|||
|
|
|||
|
```
|
|||
|
./toplip file1 > file1.encrypted
|
|||
|
```
|
|||
|
|
|||
|
This command will prompt you to enter a passphrase. Once you have given the
|
|||
|
passphrase, it will encrypt the contents of **file1** and save them in a file
|
|||
|
called **file1.encrypted** in your current working directory.
|
|||
|
|
|||
|
Sample output of the above command would be:
|
|||
|
|
|||
|
```
|
|||
|
This is toplip v1.20 (C) 2015, 2016 2 Ton Digital. Author: Jeff Marrison A showcase piece for the HeavyThing library. Commercial support available Proudly made in Cooroy, Australia. More info: https://2ton.com.au/toplip file1 Passphrase #1: generating keys...Done
|
|||
|
Encrypting...Done
|
|||
|
```
|
|||
|
|
|||
|
To verify if the file is really encrypted., try to open it and you will see
|
|||
|
some random characters.
|
|||
|
|
|||
|
To decrypt the encrypted file, use **-d** flag like below:
|
|||
|
|
|||
|
```
|
|||
|
./toplip -d file1.encrypted
|
|||
|
```
|
|||
|
|
|||
|
This command will decrypt the given file and display the contents in the
|
|||
|
Terminal window.
|
|||
|
|
|||
|
To restore the file instead of writing to stdout, do:
|
|||
|
|
|||
|
```
|
|||
|
./toplip -d file1.encrypted > file1.decrypted
|
|||
|
```
|
|||
|
|
|||
|
Enter the correct passphrase to decrypt the file. All contents of **file1.encrypted** will be restored in a file called **file1.decrypted**.
|
|||
|
|
|||
|
Please don't follow this naming method. I used it for the sake of easy understanding. Use any other name(s) which is very hard to predict.
|
|||
|
|
|||
|
**Encrypt/decrypt multiple files
|
|||
|
**
|
|||
|
|
|||
|
Now we will encrypt two files with two separate passphrases for each one.
|
|||
|
|
|||
|
```
|
|||
|
./toplip -alt file1 file2 > file3.encrypted
|
|||
|
```
|
|||
|
|
|||
|
You will be asked to enter passphrase for each file. Use different
|
|||
|
passphrases.
|
|||
|
|
|||
|
Sample output of the above command will be:
|
|||
|
|
|||
|
```
|
|||
|
This is toplip v1.20 (C) 2015, 2016 2 Ton Digital. Author: Jeff Marrison A showcase piece for the HeavyThing library. Commercial support available Proudly made in Cooroy, Australia. More info: https://2ton.com.au/toplip
|
|||
|
**file2 Passphrase #1** : generating keys...Done
|
|||
|
**file1 Passphrase #1** : generating keys...Done
|
|||
|
Encrypting...Done
|
|||
|
```
|
|||
|
|
|||
|
What the above command will do is encrypt the contents of two files and save
|
|||
|
them in a single file called **file3.encrypted**. While restoring, just give
|
|||
|
the respective password. For example, if you give the passphrase of the file1,
|
|||
|
toplip will restore file1. If you enter the passphrase of file2, toplip will
|
|||
|
restore file2.
|
|||
|
|
|||
|
Each **toplip** encrypted output may contain up to four wholly independent
|
|||
|
files, and each created with their own separate and unique passphrase. Due to
|
|||
|
the way the encrypted output is put together, there is no way to easily
|
|||
|
determine whether or not multiple files actually exist in the first place. By
|
|||
|
default, even if only one file is encrypted using toplip, random data is added
|
|||
|
automatically. If more than one file is specified, each with their own
|
|||
|
passphrase, then you can selectively extract each file independently and thus
|
|||
|
deny the existence of the other files altogether. This effectively allows a
|
|||
|
user to open an encrypted bundle with controlled exposure risk, and no
|
|||
|
computationally inexpensive way for an adversary to conclusively identify that
|
|||
|
additional confidential data exists. This is called **Plausible deniability**
|
|||
|
, one of the notable feature of toplip.
|
|||
|
|
|||
|
To decrypt **file1** from **file3.encrypted** , just enter:
|
|||
|
|
|||
|
```
|
|||
|
./toplip -d file3.encrypted > file1.encrypted
|
|||
|
```
|
|||
|
|
|||
|
You will be prompted to enter the correct passphrase of file1.
|
|||
|
|
|||
|
To decrypt **file2** from **file3.encrypted** , enter:
|
|||
|
|
|||
|
```
|
|||
|
./toplip -d file3.encrypted > file2.encrypted
|
|||
|
```
|
|||
|
|
|||
|
Do not forget to enter the correct passphrase of file2.
|
|||
|
|
|||
|
**Use multiple passphrase protection**
|
|||
|
|
|||
|
This is another cool feature that I admire. We can provide multiple
|
|||
|
passphrases for a single file when encrypting it. It will protect the
|
|||
|
passphrases against brute force attempts.
|
|||
|
|
|||
|
```
|
|||
|
./toplip -c 2 file1 > file1.encrypted
|
|||
|
```
|
|||
|
|
|||
|
Here, **-c 2** represents two different passphrases. Sample output of above
|
|||
|
command would be:
|
|||
|
|
|||
|
```
|
|||
|
This is toplip v1.20 (C) 2015, 2016 2 Ton Digital. Author: Jeff Marrison A showcase piece for the HeavyThing library. Commercial support available Proudly made in Cooroy, Australia. More info: https://2ton.com.au/toplip
|
|||
|
**file1 Passphrase #1:** generating keys...Done
|
|||
|
**file1 Passphrase #2:** generating keys...Done
|
|||
|
Encrypting...Done
|
|||
|
```
|
|||
|
|
|||
|
As you see in the above example, toplip prompted me to enter two passphrases.
|
|||
|
Please note that you must **provide two different passphrases** , not a single
|
|||
|
passphrase twice.
|
|||
|
|
|||
|
To decrypt this file, do:
|
|||
|
|
|||
|
```
|
|||
|
$ ./toplip -c 2 -d file1.encrypted > file1.decrypted
|
|||
|
This is toplip v1.20 (C) 2015, 2016 2 Ton Digital. Author: Jeff Marrison A showcase piece for the HeavyThing library. Commercial support available Proudly made in Cooroy, Australia. More info: https://2ton.com.au/toplip
|
|||
|
**file1.encrypted Passphrase #1:** generating keys...Done
|
|||
|
**file1.encrypted Passphrase #2:** generating keys...Done
|
|||
|
Decrypting...Done
|
|||
|
```
|
|||
|
|
|||
|
**Hide files inside image**
|
|||
|
|
|||
|
The practice of concealing a file, message, image, or video within another
|
|||
|
file is called **steganography**. Fortunately, this feature exists in toplip
|
|||
|
by default.
|
|||
|
|
|||
|
To hide a file(s) inside images, use **-m** flag as shown below.
|
|||
|
|
|||
|
```
|
|||
|
$ ./toplip -m image.png file1 > image1.png
|
|||
|
This is toplip v1.20 (C) 2015, 2016 2 Ton Digital. Author: Jeff Marrison A showcase piece for the HeavyThing library. Commercial support available Proudly made in Cooroy, Australia. More info: https://2ton.com.au/toplip
|
|||
|
file1 Passphrase #1: generating keys...Done
|
|||
|
Encrypting...Done
|
|||
|
```
|
|||
|
|
|||
|
This command conceals the contents of file1 inside an image named image1.png.
|
|||
|
To decrypt it, run:
|
|||
|
|
|||
|
```
|
|||
|
$ ./toplip -d image1.png > file1.decrypted This is toplip v1.20 (C) 2015, 2016 2 Ton Digital. Author: Jeff Marrison A showcase piece for the HeavyThing library. Commercial support available Proudly made in Cooroy, Australia. More info: https://2ton.com.au/toplip
|
|||
|
image1.png Passphrase #1: generating keys...Done
|
|||
|
Decrypting...Done
|
|||
|
```
|
|||
|
|
|||
|
**Increase password complexity**
|
|||
|
|
|||
|
To make things even harder to break, we can increase the password complexity
|
|||
|
like below.
|
|||
|
|
|||
|
```
|
|||
|
./toplip -c 5 -i 0x8000 -alt file1 -c 10 -i 10 file2 > file3.encrypted
|
|||
|
```
|
|||
|
|
|||
|
The above command will prompt to you enter 10 passphrases for the file1, 5
|
|||
|
passphrases for the file2 and encrypt both of them in a single file called
|
|||
|
"file3.encrypted". As you may noticed, we have used one more additional flag
|
|||
|
**-i** in this example. This is used to specify key derivation iterations.
|
|||
|
This option overrides the default iteration count of 1 for scrypt's initial
|
|||
|
and final PBKDF2 stages. Hexadecimal or decimal values permitted, e.g.
|
|||
|
**0x8000** , **10** , etc. Please note that this can dramatically increase the
|
|||
|
calculation times.
|
|||
|
|
|||
|
To decrypt file1, use:
|
|||
|
|
|||
|
```
|
|||
|
./toplip -c 5 -i 0x8000 -d file3.encrypted > file1.decrypted
|
|||
|
```
|
|||
|
|
|||
|
To decrypt file2, use:
|
|||
|
|
|||
|
```
|
|||
|
./toplip -c 10 -i 10 -d file3.encrypted > file2.decrypted
|
|||
|
```
|
|||
|
|
|||
|
To know more about the underlying technical information and crypto methods
|
|||
|
used in toplip, refer its official website given at the end.
|
|||
|
|
|||
|
My personal recommendation to all those who wants to protect their data. Don't
|
|||
|
rely on single method. Always use more than one tools/methods to encrypt
|
|||
|
files. Do not write passphrases/passwords in a paper and/or do not save them
|
|||
|
in your local or cloud storage. Just memorize them and destroy the notes. If
|
|||
|
you're poor at remembering passwords, consider to use any trustworthy password
|
|||
|
managers.
|
|||
|
|
|||
|
And, that's all. More good stuffs to come. Stay tuned!
|
|||
|
|
|||
|
Cheers!
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
--------------------------------------------------------------------------------
|
|||
|
|
|||
|
via: https://www.ostechnix.com/toplip-strong-file-encryption-decryption-cli-utility/
|
|||
|
|
|||
|
作者:[SK][a]
|
|||
|
译者:[译者ID](https://github.com/译者ID)
|
|||
|
校对:[校对者ID](https://github.com/校对者ID)
|
|||
|
|
|||
|
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
|||
|
|
|||
|
[a]:https://www.ostechnix.com/author/sk/
|
|||
|
[1]:https://www.ostechnix.com/cryptomator-open-source-client-side-encryption-tool-cloud/
|
|||
|
[2]:https://www.ostechnix.com/how-to-encrypt-your-personal-foldersdirectories-in-linux-mint-ubuntu-distros/
|
|||
|
[3]:https://www.ostechnix.com/cryptogo-easy-way-encrypt-password-protect-files/
|
|||
|
[4]:https://www.ostechnix.com/cryptr-simple-cli-utility-encrypt-decrypt-files/
|
|||
|
[5]:https://www.ostechnix.com/tomb-file-encryption-tool-protect-secret-files-linux/
|
|||
|
[6]:https://www.ostechnix.com/an-easy-way-to-encrypt-and-decrypt-files-from-commandline-in-linux/
|
|||
|
[7]:http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
|
|||
|
[8]:http://en.wikipedia.org/wiki/Scrypt
|
|||
|
[9]:https://2ton.com.au/Products/
|
|||
|
[10]:https://www.ostechnix.com/wp-content/uploads/2017/12/toplip-2.png%201366w,%20https://www.ostechnix.com/wp-content/uploads/2017/12/toplip-2-300x157.png%20300w,%20https://www.ostechnix.com/wp-content/uploads/2017/12/toplip-2-768x403.png%20768w,%20https://www.ostechnix.com/wp-content/uploads/2017/12/toplip-2-1024x537.png%201024w
|
|||
|
[11]:http://www.ostechnix.com/wp-content/uploads/2017/12/toplip-2.png
|
|||
|
[12]:https://www.ostechnix.com/wp-content/uploads/2017/12/toplip-1.png%20779w,%20https://www.ostechnix.com/wp-content/uploads/2017/12/toplip-1-300x101.png%20300w,%20https://www.ostechnix.com/wp-content/uploads/2017/12/toplip-1-768x257.png%20768w
|
|||
|
[13]:http://www.ostechnix.com/wp-content/uploads/2017/12/toplip-1.png
|
|||
|
|