Inspiration
I wanted a file encryption tool that was lightweight, with easy-to-audit code. OpenSSL and GPG can encrypt files, but both are massive codebases with a lot of stuff I don't need, and their code is difficult to audit due to its complexity. Jfcrypt is less than 300 lines of C.
What it does
It uses libsodium to encrypt files with XSalsa20-Poly1305 with Curve25519 keys. This provides great performance on older hardware.
How I built it
I started by researching cryptographic APIs that were available. Libsodium is a fork of NaCl, written by Dan Bernstein. It's designed to be easy to use and to only use safe primitives. It was available for OpenBSD and for many other systems, so it was a good choice. Writing the code wasn't too difficult once I had an API picked.
Challenges I ran into
The secret key is not encrypted on disk. This is not great, though it doesn't pose a huge threat. It turned out to be difficult to encrypt the secret key and decrypt it correctly before using it.
Accomplishments that I'm proud of
Jfcrypt meets all of my goals. I wanted something under 300 lines that was fast.
What I learned
I learned a lot about C, especially secure memory handling.
What's next for Jfcrypt
I'd like to encrypt the secret key. It will take a little more work, but shouldn't be too difficult.
Built With
- c
- libsodium