# JSafebox - A lightweight, portable and cross-platform vault
23
24
24
-
JSafebox encrypt your file using [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) encryption. It can be used as command line tool or with a _file explorer_ like interface.
25
+
JSafebox encrypt your files using [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) encryption. It can be used as command line tool or with a _file explorer_ like interface.
25
26
26
27
**Decrypted data is never written on the drive** (except during file extraction requested by user).
27
28
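Review bot: the rewritten intro sentence at new line 25 still has an agreement error and a missing article. `JSafebox encrypt your files` should read "JSafebox encrypts your files", and `as command line tool` should be "as a command line tool". This is also the only place the intro names the cipher, so consider stating the AES mode and key size here, or pointing to the protocol section, so a reader can assess the claim without opening the source.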
@@ -34,35 +35,43 @@ JSafebox encrypt your file using [AES](https://en.wikipedia.org/wiki/Advanced_En
34
35
35
36
### Why JSafebox ?
36
37
With the rise of online banking, cryptocurrencies and other digital transformation, it has become mandatory to backup sensitive files.
37
-
Those file need to be easily accessible, securely stored and encrypted. But lightweight, portable, cross platform vault software are surprisingly hard to come by. Password protected archive works fine but they let room for file leakage as there is no convenient way of exploring the vault without extracting the whole content. Jsafebox was made to cover these shortfalls.
38
+
Those file need to be easily accessible, securely stored and encrypted. But lightweight, portable, cross platform vault software are surprisingly hard to come by. Password protected archive works fine but they let room for file leakage since there is no convenient way of exploring the vault without extracting the whole content. Jsafebox was made to cover these shortfalls.
38
39
39
40
40
41
41
42
42
43
43
44
44
45
### JSafebox Protocol
45
-
JSafebox is using a very simple protocol so encrypted files can be easily read by another program, as long as you have the encryption password.
46
-
Each datagram is preceded by its length stored as a 64 bits (8 bytes) integer (`long` in Java):
46
+
JSafebox is using a very simple protocol so encrypted files can be easily read by another program, as long as you have the password. The encryption key is derived from the password using [PBKDF2](https://en.wikipedia.org/wiki/PBKDF2) hashing with 100000 iteration.
47
+
48
+
A JSafebox file contains a [SHA256](https://en.wikipedia.org/wiki/SHA-2) integrity hash followed by blocks:
length 0|datagram 0|length 1|datagram 1|length 3|...|datagram N
52
+
Each block is stored as followed:
53
+
54
+
IV | metadata length | metadata | data length | data
49
55
50
-
The first datagram `datagram 0` is the *header* and is **the only datagram not encrypted**. The *header* contains text entries specified by the user and various additional entries incuding a protocol explanation, the type of encoding and the IV of the encryption. The *header*'s data is stored in JSON format and can be seen by opening the safe file with a basic text editor.
56
+
where `IV` is the [Initialization_vector](https://en.wikipedia.org/wiki/Initialization_vector) of the encryption (16 bytes), `metadata` is a JSON string and `length` are 64 bits (8 bytes) integer (`long` in Java).
57
+
58
+
The first block `block 0` is the *header* and is **the only block not encrypted** and therefore, **the only block without IV**. The *header* only have metadata (`data length` is 0) and contains text entries specified by the user and various additional entries including a protocol explanation, the type of encoding and the parameters of the encryption. The *header*'s metadata is stored as JSON string and can be seen by opening the safe file with a basic text editor.
51
59
52
-
The second datagram `datagram 1` is the *properties*. It contains encrypted text entries specified by the user.
60
+
The second block `block 1` is the *properties*. It is similar to the *header* except that it is encrypted and have an IV. The *properties* contains text entries specified by the user and stored in JSON.
53
61
54
-
The following datagrams (from 2 to N) are the encrypted files. They work by pair: `datagram i ` contains the metadata of the file as an encrypted JSON text and `datagram i+1` contains the bytes of the encrypted file.
62
+
The following blocks (from 2 to N) are the encrypted files.
55
63
56
64
57
65
58
66
### TODO
59
-
-[x] Command line
67
+
-[x] Command line (with the mighty tiny [picocli](https://github.com/remkop/picocli) project)
60
68
-[x] Wildcard path support
61
69
-[x] File explorer
62
70
-[x] Import with Drag & Drop
63
-
-[] Export with Drag & Drop
71
+
-[x] Export ~~with Drag & Drop~~ (Risk of unintentional drag resulting in data leak)
64
72
-[x] Text viewer
65
73
-[x] Image viewer (zoom and drag)
74
+
-[x] Integrity check
66
75
-[ ] Interactive shell
67
76
68
77
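Review bot: the new key-derivation sentence in the JSafebox Protocol section (`derived from the password using PBKDF2 hashing with 100000 iteration`) leaves out the salt and where it is stored, the PRF that PBKDF2 runs with, and the derived key length, so another program cannot reproduce the key from this description alone. If those values are the "parameters of the encryption" kept in the header, say so and name the JSON entries. The `SHA256 integrity hash` line should state which bytes the hash covers and whether it is keyed: a plain hash stored in the file catches accidental corruption, but anyone able to modify the file can recompute it, and the unencrypted header is the part most exposed to that. The byte order of the 8-byte `length` fields also needs to be specified for readers not using Java. Wording fixes in the added lines: "100000 iterations", "stored as follows", "`length` fields are 64-bit (8-byte) integers", "The *header* only has metadata", "is encrypted and has an IV".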
@@ -71,7 +80,6 @@ The following datagrams (from 2 to N) are the encrypted files. They work by pair
71
80
72
81
You can download the latest version of JSafebox [here](https://github.com/0rtis/jsafebox/releases/latest)
73
82
74
-
*JSafebox is using the mighty tiny [picocli](https://github.com/remkop/picocli)*
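Review bot: with this standalone credit line removed, the only remaining mention of picocli is inside the checked TODO item `-[x] Command line (with the mighty tiny picocli project)`, which will disappear when the TODO list is pruned. Keep the third-party attribution in a section of its own (for example a short "Dependencies" or "Credits" line next to the download link) so the dependency stays visible to anyone reviewing what ships in the release.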
0 commit comments