Skip to content

Commit

Permalink
Merge pull request #19 from mrf345/testing
Browse files Browse the repository at this point in the history 
Move encryption to `argon2id` and `chacha20poly1305`
  • Loading branch information
@mrf345
mrf345 authored Sep 13, 2024
2 parents 5061f39 + 552d9c9 commit 8ac1145
Show file tree
Hide file tree
Showing 24 changed files with 334 additions and 337 deletions.
23 changes: 19 additions & 4 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,10 @@ safelock-cli
</a>
</h1>

Fast files encryption (AES-GCM) package and command-line tool built for speed with Go and [Archiver](https://github.com/mholt/archiver)
Fast files encryption package and command-line tool built for speed with Go and [Archiver](https://github.com/mholt/archiver)

Utilizing `argon2id` and `chacha20poly1305` for encryption, see [default options](#options).


### Install

Expand All @@ -27,6 +30,7 @@ go get https://github.com/mrf345/safelock-cli@latest

Or using one of the latest release binaries [here](https://github.com/mrf345/safelock-cli/releases)


### Examples

Encrypt a path with default options
Expand All @@ -48,10 +52,21 @@ echo "password123456" | safelock-cli encrypt path_to_encrypt encrypted_file_path

You can find interactive examples of using it as a package to [encrypt](https://pkg.go.dev/github.com/mrf345/safelock-cli/safelock#example-Safelock.Encrypt) and [decrypt](https://pkg.go.dev/github.com/mrf345/safelock-cli/safelock#example-Safelock.Decrypt).

### Performance

- Encryption should be about **20.2** times faster than `gpgtar`, and the decryption **3.3** times.
- Encryption should be about **9.1** times faster than `7zip`, and the decryption **9.5** times.
### Options

Following the default options remanded by [RFC9106](https://datatracker.ietf.org/doc/html/rfc9106#section-7.4) and [crypto/argon2](https://pkg.go.dev/golang.org/x/crypto/argon2#IDKey)

| Option | Value |
|-------------------------|---------------------------------------------|
| Iterations | 3 |
| Memory size | 64 Megabytes |
| Key length | 32 |
| Threads | Number of available cores `runtime.NumCPU()`|
| Minimum password length | 8 |


### Performance

> [!NOTE]
> You can reproduce the results by running [bench_and_plot.py](benchmark/bench_and_plot.py) (based on [Matplotlib](https://github.com/matplotlib/matplotlib) and [Hyperfine](https://github.com/sharkdp/hyperfine))
Expand Down
33 changes: 19 additions & 14 deletions benchmark/bench_and_plot.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@
output_dir = "safelock_dump"
runs = 3
figure_width = 14
figure_height = 3
figure_height = 2.5
bar_width = 0.6
measure = "Seconds"
root = os.getcwd()
Expand All @@ -22,8 +22,7 @@ def get_label(i, clean=False, key="command"):
matchers = [
('gpg', 'gpgtar',),
('7z', '7zip (fastest)',),
('256', 'safelock --sha256',),
('512', 'safelock --sha512',),
('age', 'age (tar-zstd)'),
('safelock', 'safelock',),
]
label = next((v for m, v in matchers if m in i[key]))
Expand All @@ -39,8 +38,7 @@ def get_name(i):
matchers = [
('gpg', f'{output_name}.gpg',),
('7z', f'{output_name}.7z',),
('256', f'{output_name}_sha256.sla',),
('512', f'{output_name}_sha512.sla',),
('age', f'{output_name}.age'),
('safelock', f'{output_name}.sla',),
]

Expand All @@ -51,8 +49,7 @@ def encrypt():
f"hyperfine --runs {runs} --prepare "
f"'sleep {rest}' "
f"'echo \"{pwd}\" | {safelock_cmd} encrypt {input_path} {get_name('safelock')} --quiet' "
f"'echo \"{pwd}\" | {safelock_cmd} encrypt {input_path} {get_name('256')} --quiet --sha256' "
f"'echo \"{pwd}\" | {safelock_cmd} encrypt {input_path} {get_name('512')} --quiet --sha512' "
f"'tar cv --zstd {input_path} | . {root}/pipe_age_password.sh | age -e -p -o {get_name('age')}' "
f"'7z a -p{pwd} -mx1 {get_name('7z')} {input_path}' "
f"'gpgtar -e -o {get_name('gpg')} -c --yes --batch --gpg-args \"--passphrase {pwd}\" {input_path}' "
f"--export-json {root}/encryption.json"
Expand All @@ -66,8 +63,7 @@ def decrypt():
f"hyperfine --runs {runs} --prepare "
f"'rm -rf {output_dir} {output_name}_*_ && mkdir {output_dir} && sleep {rest}' "
f"'echo \"{pwd}\" | {safelock_cmd} decrypt {get_name('safelock')} {output_dir} --quiet' "
f"'echo \"{pwd}\" | {safelock_cmd} decrypt {get_name('256')} {output_dir} --quiet --sha256' "
f"'echo \"{pwd}\" | {safelock_cmd} decrypt {get_name('512')} {output_dir} --quiet --sha512' "
f"'sleep 0.05; xdotool type \"{pwd}\"; xdotool key \"Return\" | age --decrypt {get_name('age')} | tar x --zstd -f - -C {output_dir}' "
f"'7z e -y -p{pwd} -mx1 {get_name('7z')} -o{output_dir}' "
f"'gpgtar -d --yes --batch --gpg-args \"--passphrase {pwd}\" {get_name('gpg')}' "
f"--export-json {root}/decryption.json"
Expand All @@ -77,8 +73,8 @@ def decrypt():
exit(err)

os.chdir(os.path.expanduser("~"))
encrypt()
decrypt()
# encrypt()
# decrypt()
os.chdir(root)
plt.margins(3.5)

Expand All @@ -95,7 +91,10 @@ def decrypt():
fig, ax = plt.subplots()
ax.set_title('Encryption Time')
ax.set_xlabel(measure)
ax.barh(labels, scores, bar_width, color=colors)
ax.yaxis.set_label_position('right')
ax.set_ylabel('lower is better')
ax.grid(zorder=0, axis='x', color='black')
ax.barh(labels, scores, bar_width, color=colors, zorder=3)
fig.set_size_inches(w=figure_width, h=figure_height)
fig.tight_layout()
fig.savefig("encryption-time.webp", transparent=True, format="webp")
Expand All @@ -112,7 +111,10 @@ def decrypt():
fig, ax = plt.subplots()
ax.set_title('Decryption Time')
ax.set_xlabel(measure)
ax.barh(labels, decryption, bar_width, color=colors)
ax.yaxis.set_label_position('right')
ax.set_ylabel('lower is better')
ax.grid(zorder=0, axis='x', color='black')
ax.barh(labels, decryption, bar_width, color=colors, zorder=3)
fig.set_size_inches(w=figure_width, h=figure_height)
fig.tight_layout()
fig.savefig("decryption-time.webp", transparent=True, format="webp")
Expand All @@ -134,7 +136,10 @@ def decrypt():
fig, ax = plt.subplots()
ax.set_title('File Size')
ax.set_xlabel("Megabytes")
ax.barh(labels, sizes, bar_width, color=colors)
ax.yaxis.set_label_position('right')
ax.set_ylabel('lower is better')
ax.grid(zorder=0, axis='x', color='black')
ax.barh(labels, sizes, bar_width, color=colors, zorder=3)
fig.set_size_inches(w=figure_width, h=figure_height)
fig.tight_layout()
fig.savefig("file-size.webp", transparent=True, format="webp")
Binary file modified benchmark/decryption-time.webp
View file
Binary file not shown.
102 changes: 41 additions & 61 deletions benchmark/decryption.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,17 +2,17 @@
"results": [
{
"command": "echo \"123456789\" | ~/Projects/safelock-cli/safelock-cli decrypt test.sla safelock_dump --quiet",
"mean": 2.1295176539933336,
"stddev": 0.03361454776096437,
"median": 2.13093239266,
"user": 2.5876522466666665,
"system": 1.88427306,
"min": 2.0952180726600003,
"max": 2.16240249666,
"mean": 1.8276349158133336,
"stddev": 0.14566191806696024,
"median": 1.9042654354800002,
"user": 2.309450346666667,
"system": 1.9107805599999999,
"min": 1.6596538664800002,
"max": 1.9189854454800002,
"times": [
2.16240249666,
2.13093239266,
2.0952180726600003
1.9189854454800002,
1.9042654354800002,
1.6596538664800002
],
"exit_codes": [
0,
Expand All @@ -21,38 +21,18 @@
]
},
{
"command": "echo \"123456789\" | ~/Projects/safelock-cli/safelock-cli decrypt test_sha256.sla safelock_dump --quiet --sha256",
"mean": 1.8789916449933333,
"stddev": 0.17816416646803604,
"median": 1.98184108566,
"user": 2.0644982466666666,
"system": 1.776121393333333,
"min": 1.67326538666,
"max": 1.9818684626599998,
"command": "sleep 0.05; xdotool type \"123456789\"; xdotool key \"Return\" | age --decrypt test.age | tar x --zstd -f - -C safelock_dump",
"mean": 2.816656686146667,
"stddev": 0.2702910723941267,
"median": 2.9378343294800002,
"user": 2.6122993466666666,
"system": 5.240392226666667,
"min": 2.50698103648,
"max": 3.00515469248,
"times": [
1.67326538666,
1.98184108566,
1.9818684626599998
],
"exit_codes": [
0,
0,
0
]
},
{
"command": "echo \"123456789\" | ~/Projects/safelock-cli/safelock-cli decrypt test_sha512.sla safelock_dump --quiet --sha512",
"mean": 2.123450407993334,
"stddev": 0.1763774710740607,
"median": 2.1136010126600002,
"user": 2.5975039133333335,
"system": 1.7468127266666666,
"min": 1.95220401166,
"max": 2.3045461996600003,
"times": [
2.3045461996600003,
2.1136010126600002,
1.95220401166
3.00515469248,
2.9378343294800002,
2.50698103648
],
"exit_codes": [
0,
Expand All @@ -62,17 +42,17 @@
},
{
"command": "7z e -y -p123456789 -mx1 test.7z -osafelock_dump",
"mean": 17.944166026326666,
"stddev": 0.03535223844853417,
"median": 17.95858265166,
"user": 19.665792913333334,
"system": 1.4092493933333332,
"min": 17.90388353266,
"max": 17.97003189466,
"mean": 18.76303972514667,
"stddev": 0.10991428273642811,
"median": 18.72587103648,
"user": 20.692533679999997,
"system": 1.3673248933333333,
"min": 18.67652879848,
"max": 18.886719340480003,
"times": [
17.97003189466,
17.90388353266,
17.95858265166
18.67652879848,
18.886719340480003,
18.72587103648
],
"exit_codes": [
0,
Expand All @@ -82,17 +62,17 @@
},
{
"command": "gpgtar -d --yes --batch --gpg-args \"--passphrase 123456789\" test.gpg",
"mean": 6.240754918993335,
"stddev": 0.18841334623779463,
"median": 6.18021860166,
"user": 0.17699391333333328,
"system": 1.4514090599999998,
"min": 6.09005041466,
"max": 6.45199574066,
"mean": 6.573486912813334,
"stddev": 0.3839886822791872,
"median": 6.52200845048,
"user": 0.21511468,
"system": 1.4525625599999998,
"min": 6.21783424048,
"max": 6.98061804748,
"times": [
6.45199574066,
6.18021860166,
6.09005041466
6.98061804748,
6.52200845048,
6.21783424048
],
"exit_codes": [
0,
Expand Down
Binary file modified benchmark/encryption-time.webp
View file
Binary file not shown.
Loading

0 comments on commit 8ac1145

Please sign in to comment.