Skip to content

timdev-ger/decure

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Decure (local MVP)

Local MVP for secure encryption with XOR shares. All shares are required to reconstruct the master key.

Features

  • XChaCha20‑Poly1305 (AEAD)
  • HKDF‑SHA256 for key derivation
  • XOR split for shares (no threshold)
  • Chunked streaming for large files
  • Server simulation for share storage
  • CLI: encrypt / decrypt / rotate

Requirements

Quick start

Encrypt

Writes the encrypted file and generates shares in a folder.

cargo run -- encrypt --input .\plain.txt --output .\sealed.bin --shares-dir .\shares --shares 15

With custom chunk size (bytes):

cargo run -- encrypt --input .\plain.txt --output .\sealed.bin --shares-dir .\shares --shares 15 --chunk-size 1048576

Decrypt

Reconstructs the master key from all shares and decrypts the file.

cargo run -- decrypt --input .\sealed.bin --output .\plain.out.txt --shares-dir .\shares

Rotate (key rotation)

Re-encrypts the data with a new master key and writes new shares.

cargo run -- rotate --input .\sealed.bin --output .\sealed.new.bin --old-shares-dir .\shares --new-shares-dir .\shares_new --shares 15

Server simulation for shares

Instead of a single shares directory, you can distribute shares across multiple local “server” folders under a root path.

Encrypt with servers

cargo run -- encrypt --input .\plain.txt --output .\sealed.bin --servers-root .\servers --servers 5 --shares 15

This creates folders like servers\server_00, servers\server_01, etc.

Decrypt with servers

cargo run -- decrypt --input .\sealed.bin --output .\plain.out.txt --servers-root .\servers

Rotate with servers

cargo run -- rotate --input .\sealed.bin --output .\sealed.new.bin --old-servers-root .\servers --new-servers-root .\servers_new --servers 5 --shares 15

Tests

cargo test

Notes

  • Without all shares, decryption is impossible.
  • Shares are sensitive, store them securely. :P
  • This repo is an MVP for file/blob encryption.
  • The MVP uses chunked streaming to avoid loading full files into memory.

About

Local MVP for secure encryption with XOR shares

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages