Skip to main content

File and message encryption program

Project description

Covert Encryption

Logo

A file and message encryptor with strong anonymity

  • ChaCha20-Poly1305 stream cipher with authentication
  • Argon2 secures shorter passwords against cracking
  • Curve25519 public key encrypt & sign with SSH, Age and MiniSign keys

Anonymity, privacy and authenticity

The encrypted archive looks exactly like random data, providing deniability. Every byte is protected so that not only is reading prevented but authenticity is also verified, protecting your data against any outsiders, and files may also be signed if necessary.

Other encryption tools add unencrypted headers revealing the recipients and other metadata. Covert was created to address this very problem, to stop all information leakage.

A message (base64 or binary) has no headers or anything else that could be recognized:

th-WABpvMefcELoEoAZoGLS-4c5Touy37rX84MzY9QT_svERJclji6MC6NaZaN9LCu5mXx8srPa24A

The program generates easy passphrases like babychoicepricefixed for the above.

Try it!

Python pip will add covert on your system. decrypt the message to see what it says:

pip install covert
covert dec

File I/O speeds matching the fastest SSDs

Benchmark results. Covert up to 4 GB/s.

Covert is the fastest of all the popular tools in both encryption (blue) and decryption (red).

Program Lang Algorithms Operation
Covert Python chacha20‑poly1305 sha512‑ed25519 encrypt with auth and signature
Age Go chacha20-poly1305 encrypt with auth
Rage Rust chacha20-poly1305 encrypt with auth
OpenSSL C aes256-ctr (hw accelerated) encrypt only
GPG C aes128-cfb, deflate encrypt with auth and compression
MiniSign C blake2b-512 ed25519 signature only (for reference)

A few interesting features

Files of any size may be attached to messages without the use of external tools, and without revealing any metadata such as modification times.

A completely different ciphertext is produced each time, usually of different size, even if the message and the key are exactly the same. Other crypto tools cannot do this.

Covert messages are much shorter than with other cryptosystems, accomplished by some ingenious engineering.

A key insight is that a receiver can blindly attempt to decrypt a file with many different keys and parameters until he finds a combination that authenticates successfully. This saves valuable space on short messages and improves security because no plain text headers are needed.

Additional reading

Covert is in an early development phase, so you are encouraged to try it but avoid using it on any valuable data just yet. We are looking for interested developers and the specification itself is still open to changes, no compatibility guarantees.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

covert-0.3.0.tar.gz (115.6 kB view details)

Uploaded Source

File details

Details for the file covert-0.3.0.tar.gz.

File metadata

  • Download URL: covert-0.3.0.tar.gz
  • Upload date:
  • Size: 115.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.5.0 importlib_metadata/4.8.1 pkginfo/1.7.1 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.9.7

File hashes

Hashes for covert-0.3.0.tar.gz
Algorithm Hash digest
SHA256 1e3dbbe1d82657fd6cb4187f22b399170a40efc3fd68043a84779c90627b8d11
MD5 65c5405acf3f8a15f68326ee545bd29a
BLAKE2b-256 eec45bdf84a068f3a144ae43a48d3d92cefcc4d8953b4246bc82b082b31cae5c

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page