# Secure File Editor

Secure File Editor for sensitive file storage and editing

## Description
Secure File Editor, or SFE, is a tool which allows you to store and edit your
sensitive data. All of that data is encrypted on your disk. SFE decrypts it
only before you edit it with a classic command-line editor like vim or nano.

## Installation

### Requirements

SFE requires:
* Python 2.7/3.x
* The Python package `pycrypto`

### Using pip
```shell
sudo pip install SecureFileEditor
```

### Using setup
```shell
sudo python2 setup.py install
```

For development usage:
```shell
sudo python2 setup.py develop
```

## Usage

### Security purpose
To edit, encrypt, or decrypt a file, you need to enter a new passphrase or an
existing passphrase. The strength of the passphrase determines the strength of
your sfe encrypted file. In addition, if you forget your passphrase, you will
not be able to recover your sfe file.

SFE uses AES256 in CBC mode as its symmetric cipher and SHA256 as the hash function to generate the symmetric key from your passphrase and a 32-bit salt.

### Common usage
**Edit a sfe file**
If you want to edit a sfe file:
```shell
sfe <file>
```

**NB** `sfe <file>` can also be used to create a new, empty sfe file, but `<file>` cannot be empty.

**Encrypt an existing plain file**
If you want to encrypt an existing plain file for use with sfe:
```shell
sfe --encrypt <file>
```

**Decrypt an existing sfe file**
If you want to decrypt an existing sfe file when sfe is no longer required:
```shell
sfe --decrypt <file>
```

**Choose your editor**
You can choose your file editor (vim is the default editor):
```shell
sfe --vim <file>
sfe --nano <file>
```

**Version**
```shell
sfe --version
```

**Help**
```shell
sfe --help
```

## How SFE works

### File editing scheme

**Plain file to sfe file (`sfe -e <filename>`)**
```
    filename                      filename
┌┈┈┈┈┈┈┈┈┈┈┈┈┈┈┐              ┌┈┈┈┈┈┈┈┈┈┈┈┈┈┈┐
┊  text file   ┊━━encryption━▶┊   sfe file   ┊
┊   (plain)    ┊   write()    ┊ (encrypted)  ┊
└┈┈┈┈┈┈┈┈┈┈┈┈┈┈┘              └┈┈┈┈┈┈┈┈┈┈┈┈┈┈┘
```

**SFE file to plain file (`sfe -d <filename>`)**
```
    filename                      filename
┌┈┈┈┈┈┈┈┈┈┈┈┈┈┈┐              ┌┈┈┈┈┈┈┈┈┈┈┈┈┈┈┐
┊   sfe file   ┊━━decryption━▶┊  text file   ┊
┊ (encrypted)  ┊    read()    ┊   (plain)    ┊
└┈┈┈┈┈┈┈┈┈┈┈┈┈┈┘              └┈┈┈┈┈┈┈┈┈┈┈┈┈┈┘
```

**If a sfe file already exists (`sfe <filename>`)**
```
    filename                   /tmp/filename                    filename
┌┈┈┈┈┈┈┈┈┈┈┈┈┈┈┐              ┌┈┈┈┈┈┈┈┈┈┈┈┈┈┈┐              ┌┈┈┈┈┈┈┈┈┈┈┈┈┈┈┐
┊   sfe file   ┊━━decryption━▶┊  text file   ┊━━encryption━▶┊   sfe file   ┊
┊ (encrypted)  ┊    read()    ┊   (plain)    ┊   write()    ┊ (encrypted)  ┊
└┈┈┈┈┈┈┈┈┈┈┈┈┈┈┘              └┈┈┈┈┈┈┈┈┈┈┈┈┈┈┘              └┈┈┈┈┈┈┈┈┈┈┈┈┈┈┘
                                   edit()
```

**Action : `write()`**

1. Read a plain file from /tmp/ or from the current directory.
2. Delete the plain file (with srm in rcmp mode).
3. Encrypt the plain file.
4. Write the encrypted SFE file.

**Action : `read()`**

1. Read the SFE file.
2. Decrypt the SFE file.
3. Write the plain file in /tmp/.

### Encryption scheme

```
                           ╭┈┈┈┈┈┈┈┈┈┈┈┈╮
                           ┊ passphrase ┊
                           ╰┈┈┈┈┈┬┈┈┈┈┈┈╯
file on disk:                    │
┌ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ┐          ▼
╎╭───────────────────╮╎    ╭┈┈┈┈┈┈┈┈┈┈┈┈╮
╎│ Salt              │━━━━▶┊ master key ┊
╎╰───────────────────╯╎    ╰┈┈┈┈┈┬┈┈┈┈┈┈╯
╎╭───────────────────╮╎          ▼         ╭┈┈┈┈┈┈┈┈┈┈╮
╎│ Encrypted file key│━━━━━(decryption)━━━▶┊ file key ┊
╎╰───────────────────╯╎                    ╰┈┈┈┈┬┈┈┈┈┈╯
╎┌───────────────────┐╎                         ▼          ┌┈┈┈┈┈┈┈┈┈┈┈┈┈┈┈┐
╎│ Encrypted file    │◀━━━━━━━━━━━━━━━━━(de/encryption)━━━▶┊   text file   ┊
╎│ contents          │╎                                    ┊    (plain)    ┊
╎└───────────────────┘╎                                    └┈┈┈┈┈┈┈┈┈┈┈┈┈┈┈┘
└ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ┘
```

**Description**
* `master_key` = SHA256(`salt` | `passphrase`)
* `Encrypted_file_key` = AES256(`plain_file_key`, `master_key`)
* `Encrypted_file_contents` = AES256(`plain_file`, `plain_file_key`)

### SFE file format
```
┌ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ┐
╎╭───────────────────╮╎
╎│ Header            │╎ 32 bytes (HEADER_SIZE)
╎╰───────────────────╯╎
╎╭───────────────────╮╎
╎│ Salt              │╎ 32 bytes (SALT_SIZE)
╎╰───────────────────╯╎
╎╭───────────────────╮╎
╎│ Encrypted file key│╎ 64 bytes (CIPHER_KEY_SIZE)
╎╰───────────────────╯╎
╎┌───────────────────┐╎
╎│ Encrypted file    │╎
╎│ contents          │╎
╎└───────────────────┘╎
└ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ┘
```
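
The layout and master-key formula above, as an added example (not SFE's own code): it splits a container into the four fields using the sizes from the diagram and derives `master_key` as SHA256(`salt` | `passphrase`), next to a PBKDF2 derivation shown only for comparison, since one SHA256 pass makes each passphrase guess cheap. The function names, the reading of `|` as concatenation, the raw-CBC length check and the sample bytes are assumptions.

```python
import hashlib

# Field sizes from the "SFE file format" diagram.
HEADER_SIZE, SALT_SIZE, CIPHER_KEY_SIZE = 32, 32, 64
FIXED_SIZE = HEADER_SIZE + SALT_SIZE + CIPHER_KEY_SIZE
AES_BLOCK = 16


def split_sfe(blob):
    """Split raw SFE bytes into the four fields, rejecting malformed input."""
    if len(blob) < FIXED_SIZE:
        raise ValueError("truncated: %d bytes, need >= %d" % (len(blob), FIXED_SIZE))
    salt_end = HEADER_SIZE + SALT_SIZE
    contents = blob[FIXED_SIZE:]
    # Assumption: contents are raw AES-CBC output, so whole 16-byte blocks.
    if len(contents) % AES_BLOCK:
        raise ValueError("contents are not a multiple of the AES block size")
    return {
        "header": blob[:HEADER_SIZE],
        "salt": blob[HEADER_SIZE:salt_end],
        "encrypted_file_key": blob[salt_end:FIXED_SIZE],
        "contents": contents,
    }


def master_key_sfe(salt, passphrase):
    """SHA256(salt | passphrase) as in the README; '|' read as concatenation."""
    return hashlib.sha256(salt + passphrase.encode("utf-8")).digest()


def master_key_stretched(salt, passphrase, iterations=600000):
    """Comparison only, not SFE's scheme: PBKDF2-HMAC-SHA256 makes each
    passphrase guess cost `iterations` HMAC computations instead of one hash."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, iterations)


def sample_blob():
    """Constructed container: placeholder bytes, not a real SFE file."""
    return b"H" * HEADER_SIZE + b"S" * SALT_SIZE + b"K" * CIPHER_KEY_SIZE + b"C" * 48


if __name__ == "__main__":
    fields = split_sfe(sample_blob())
    for name in ("header", "salt", "encrypted_file_key", "contents"):
        print("%-18s %3d bytes" % (name, len(fields[name])))
    print("README master key:", master_key_sfe(fields["salt"], "example passphrase").hex())
```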

## Author

* Version `1.0`
* Year `2014`
* Website https://securefileeditor.pujol.io
* Author `Alexandre PUJOL` <alexandre@pujol.io>
* License `GPL3`