@yizhuoyan @MjSeven @rockouc @HankChow @filefi @fuyongXu @singledo @runningwater @zky001 @rachelsunqh
11 KiB
Toplip – A Very Strong File Encryption And Decryption CLI Utility
There are numerous file encryption tools available on the market to protect your files. We have already reviewed some encryption tools such as Cryptomater, Cryptkeeper, CryptGo, Cryptr, Tomb, and GnuPG etc. Today, we will be discussing yet another file encryption and decryption command line utility named " Toplip". It is a free and open source encryption utility that uses a very strong encryption method called AES256 , along with an XTS-AES design to safeguard your confidential data. Also, it uses Scrypt, a password-based key derivation function, to protect your passphrases against brute-force attacks.
Prominent features
Compared to other file encryption tools, toplip ships with the following unique and prominent features.
- Very strong XTS-AES256 based encryption method.
- Plausible deniability.
- Encrypt files inside images (PNG/JPG).
- Multiple passphrase protection.
- Simplified brute force recovery protection.
- No identifiable output markers.
- Open source/GPLv3.
Installing Toplip
There is no installation required. Toplip is a standalone executable binary file. All you have to do is download the latest toplip from the official products page and make it as executable. To do so, just run:
chmod +x toplip
Usage
If you run toplip without any arguments, you will see the help section.
./toplip
Allow me to show you some examples.
For the purpose of this guide, I have created two files namely file1 and file2. Also, I have an image file which we need it to hide the files inside it. And finally, I have toplip executable binary file. I have kept them all in a directory called test.
Encrypt/decrypt a single file
Now, let us encrypt file1. To do so, run:
./toplip file1 > file1.encrypted
This command will prompt you to enter a passphrase. Once you have given the passphrase, it will encrypt the contents of file1 and save them in a file called file1.encrypted in your current working directory.
Sample output of the above command would be:
This is toplip v1.20 (C) 2015, 2016 2 Ton Digital. Author: Jeff Marrison A showcase piece for the HeavyThing library. Commercial support available Proudly made in Cooroy, Australia. More info: https://2ton.com.au/toplip file1 Passphrase #1: generating keys...Done
Encrypting...Done
To verify if the file is really encrypted., try to open it and you will see some random characters.
To decrypt the encrypted file, use -d flag like below:
./toplip -d file1.encrypted
This command will decrypt the given file and display the contents in the Terminal window.
To restore the file instead of writing to stdout, do:
./toplip -d file1.encrypted > file1.decrypted
Enter the correct passphrase to decrypt the file. All contents of file1.encrypted will be restored in a file called file1.decrypted.
Please don't follow this naming method. I used it for the sake of easy understanding. Use any other name(s) which is very hard to predict.
**Encrypt/decrypt multiple files **
Now we will encrypt two files with two separate passphrases for each one.
./toplip -alt file1 file2 > file3.encrypted
You will be asked to enter passphrase for each file. Use different passphrases.
Sample output of the above command will be:
This is toplip v1.20 (C) 2015, 2016 2 Ton Digital. Author: Jeff Marrison A showcase piece for the HeavyThing library. Commercial support available Proudly made in Cooroy, Australia. More info: https://2ton.com.au/toplip
**file2 Passphrase #1** : generating keys...Done
**file1 Passphrase #1** : generating keys...Done
Encrypting...Done
What the above command will do is encrypt the contents of two files and save them in a single file called file3.encrypted. While restoring, just give the respective password. For example, if you give the passphrase of the file1, toplip will restore file1. If you enter the passphrase of file2, toplip will restore file2.
Each toplip encrypted output may contain up to four wholly independent files, and each created with their own separate and unique passphrase. Due to the way the encrypted output is put together, there is no way to easily determine whether or not multiple files actually exist in the first place. By default, even if only one file is encrypted using toplip, random data is added automatically. If more than one file is specified, each with their own passphrase, then you can selectively extract each file independently and thus deny the existence of the other files altogether. This effectively allows a user to open an encrypted bundle with controlled exposure risk, and no computationally inexpensive way for an adversary to conclusively identify that additional confidential data exists. This is called Plausible deniability , one of the notable feature of toplip.
To decrypt file1 from file3.encrypted , just enter:
./toplip -d file3.encrypted > file1.encrypted
You will be prompted to enter the correct passphrase of file1.
To decrypt file2 from file3.encrypted , enter:
./toplip -d file3.encrypted > file2.encrypted
Do not forget to enter the correct passphrase of file2.
Use multiple passphrase protection
This is another cool feature that I admire. We can provide multiple passphrases for a single file when encrypting it. It will protect the passphrases against brute force attempts.
./toplip -c 2 file1 > file1.encrypted
Here, -c 2 represents two different passphrases. Sample output of above command would be:
This is toplip v1.20 (C) 2015, 2016 2 Ton Digital. Author: Jeff Marrison A showcase piece for the HeavyThing library. Commercial support available Proudly made in Cooroy, Australia. More info: https://2ton.com.au/toplip
**file1 Passphrase #1:** generating keys...Done
**file1 Passphrase #2:** generating keys...Done
Encrypting...Done
As you see in the above example, toplip prompted me to enter two passphrases. Please note that you must provide two different passphrases , not a single passphrase twice.
To decrypt this file, do:
$ ./toplip -c 2 -d file1.encrypted > file1.decrypted
This is toplip v1.20 (C) 2015, 2016 2 Ton Digital. Author: Jeff Marrison A showcase piece for the HeavyThing library. Commercial support available Proudly made in Cooroy, Australia. More info: https://2ton.com.au/toplip
**file1.encrypted Passphrase #1:** generating keys...Done
**file1.encrypted Passphrase #2:** generating keys...Done
Decrypting...Done
Hide files inside image
The practice of concealing a file, message, image, or video within another file is called steganography. Fortunately, this feature exists in toplip by default.
To hide a file(s) inside images, use -m flag as shown below.
$ ./toplip -m image.png file1 > image1.png
This is toplip v1.20 (C) 2015, 2016 2 Ton Digital. Author: Jeff Marrison A showcase piece for the HeavyThing library. Commercial support available Proudly made in Cooroy, Australia. More info: https://2ton.com.au/toplip
file1 Passphrase #1: generating keys...Done
Encrypting...Done
This command conceals the contents of file1 inside an image named image1.png. To decrypt it, run:
$ ./toplip -d image1.png > file1.decrypted This is toplip v1.20 (C) 2015, 2016 2 Ton Digital. Author: Jeff Marrison A showcase piece for the HeavyThing library. Commercial support available Proudly made in Cooroy, Australia. More info: https://2ton.com.au/toplip
image1.png Passphrase #1: generating keys...Done
Decrypting...Done
Increase password complexity
To make things even harder to break, we can increase the password complexity like below.
./toplip -c 5 -i 0x8000 -alt file1 -c 10 -i 10 file2 > file3.encrypted
The above command will prompt to you enter 10 passphrases for the file1, 5 passphrases for the file2 and encrypt both of them in a single file called "file3.encrypted". As you may noticed, we have used one more additional flag -i in this example. This is used to specify key derivation iterations. This option overrides the default iteration count of 1 for scrypt's initial and final PBKDF2 stages. Hexadecimal or decimal values permitted, e.g. 0x8000 , 10 , etc. Please note that this can dramatically increase the calculation times.
To decrypt file1, use:
./toplip -c 5 -i 0x8000 -d file3.encrypted > file1.decrypted
To decrypt file2, use:
./toplip -c 10 -i 10 -d file3.encrypted > file2.decrypted
To know more about the underlying technical information and crypto methods used in toplip, refer its official website given at the end.
My personal recommendation to all those who wants to protect their data. Don't rely on single method. Always use more than one tools/methods to encrypt files. Do not write passphrases/passwords in a paper and/or do not save them in your local or cloud storage. Just memorize them and destroy the notes. If you're poor at remembering passwords, consider to use any trustworthy password managers.
And, that's all. More good stuffs to come. Stay tuned!
Cheers!
via: https://www.ostechnix.com/toplip-strong-file-encryption-decryption-cli-utility/