git clone --recursive https://github.com/GlitchedPolygons/pwcrypt.git
Just add pwcrypt as a git submodule to your project (e.g. into some lib/
or deps/
folder inside your project's repo; {repo_root}/lib/
is used here in the following example).
git submodule add https://github.com/GlitchedPolygons/pwcrypt.git lib/pwcrypt
git submodule update --init --recursive
If you don't want to use git submodules, you can also start vendoring a specific version of pwcrypt by copying its full repo content into the folder where you keep your project's external libraries/dependencies.
Check out the API docs or the pwcrypt.h
header file to find out how to call the encrypt/decrypt functions in C.
bash build.sh
This works on Windows too: just use the Git Bash for Windows CLI!
If the build succeeds, you should now have a new .tar.gz
file inside the build/
directory!
bash build-mingw.sh
Wanna compile using MinGW-w64? Run this using e.g. "Git Bash for Windows". Make sure that you have your MinGW installation directory inside your PATH
- otherwise this script will fail when trying to call mingw32-make.exe
.
Official release builds are made using mingw-w64/x86_64-8.1.0-posix-seh-rt_v6-rev0/mingw64/bin/gcc.exe
.
This builds the pwcrypt as a static lib (without its MbedTLS dependencies though; those you'd need to manually gather and link yourself from build/mbedtls/library
!)
mkdir -p build && cd build
cmake -DCMAKE_BUILD_TYPE=Release -Dpwcrypt_PACKAGE=On -Dpwcrypt_ONLY_BUILD_LIB=On ..
cmake --build . --config Release
If you use CMake you don't need to build from source externally:
you can just add_subdirectory(path_to_git_submodule)
and then target_link_libraries(your_project PRIVATE pwcrypt)
inside your CMakeLists.txt file.
The pwcrypt command line interface works using the following (relatively rigid) sequence of arguments:
- Mode ('e' for encrypting, 'd' for decrypting)
- Input text (string to encrypt or decrypt)
- Password (string to encrypt the input with)
- [Optional params for encryption]
pwcrypt {e|d} {input} {password} \
[--time-cost=INT] \
[--memory-cost=INT] \
[--parallelism=INT] \
[--compression=INT] \
[--algorithm=aes256-gcm|chachapoly] \
[--file=OUTPUT_FILE_PATH]
pwcrypt e "My string to encrypt" "VERY-safe_password123!"
You can append the following optional (integer) arguments for controlling key-derivation with Argon2 at the end:
--time-cost=4
- The higher, the safer, the slower...
--memory-cost=65536
- This value is in KiB and sets the Argon2 memory cost parameter.
--parallelism=2
- Sets the amount of parallel threads to be used by Argon2
Passing
0
to these optional args is equivalent to omitting them, thus using the default values as defined inside pwcrypt.h.
--compression=8
- This value between
0
and9
determines the compression level to use when deflating the input data to encrypt:0
does not compress at all, and9
compresses the most (but can be slower). Default is8
.
Append --algorithm=chachapoly
at the end to use the ChaCha20-Poly1305 encryption algorithm instead of the default value aes256-gcm
.
pwcrypt d "EwAAAAQAAAAAAAQAAgAAAFYjNGlNEnNMn5VtyW5hvxnKhdk9i" "Decryption Password 123 !!!"
The pwcrypt CLI supports encrypting/decrypting files instead of strings too:
Append the argument --file="/usr/some/output/filepath.bin"
containing the output file path,
and the result will be written into a file instead of printing it out to the console.
In this case, the {input}
text argument will be treated as the path of the file to encrypt/decrypt, NOT as the input string to encrypt.
- Example:
pwcrypt e "/home/someuser/secret.png" \ "Extremely Safe Encryption 1337 PW" \ --file="/home/someuser/enrypted-secret.png.pwcrypt" \ --compression=0 \ --algorithm=chachapoly
Please keep in mind:
The output string path is definitive: there will be no asking whether it's ok to overwrite existing files or not.
So make sure to only confirm commands that you know won't cause losses!
You want the nice graphical stuff huh? The fully visualized presentation. With colors 'n' design n' stuff. We get it!
There is a (commercial) Android app on the Google Play store called "psíthyros" that uses and wraps this library. It presents a very usable and accessible way of interacting with pwcrypt (for text messages, mainly).
The desktop client is available for the x64 CPU architecture on Windows, Linux and Mac. Check it out here on the glitchedpolygons.com store!