
WIP: 🧬 ion - encrypt and share large data objects.


lfaoro/ion


🧬 ion - AES256/GCM encrypt and share large data objects.

End to end encrypted, if you want...

Encryption is done on your computer, your data does not hit the cloud unencrypted.

No logs except errors are being collected from cmd/server -- check it.

Your data (in its ciphered form) lives for a maximum of 24h in a GCS bucket.


Quick start

# macOS
brew install lfaoro/tap/ion

# linux (WIP)
curl apionic.com/ion.sh | sh

# developers
go get -u github.com/lfaoro/ion
make install
ion -h

make test

Usage

$ ion upload genesis.txt
13.09 MiB / 1.14 GiB [>-----------------------------]   1.12% 1.72 MiB/s 11m11s
Download from: https:/s.apionic.com/nERuG_genesis.txt

$ ion download nERuG_genesis.txt
290.19 MiB / 1.14 GiB [=======>---------------------]  24.83% 5.52 MiB/s 02m38s
Downloaded: genesis.txt

$ ion encrypt --key genesis.txt
🔑 Encryption-key: 238dFomyjB3wEejjoSUef97Y/k1gMib6XvVS56i4Apg=
🔒 Encrypted /tmp/genesis.txt

$ ion decrypt --key genesis.txt
🔑 Encryption-key: 238dFomyjB3wEejjoSUef97Y/k1gMib6XvVS56i4Apg=
🔓 Decrypted /tmp/genesis.txt

WIP beta commands

$ ion lock 
Password: **********
Locked .config/ion/key

$ ion unlock 
Password: **********
Unlocked .config/ion/key

$ ion genesis.txt
🧮 Unable to decrypt using your local key
🔑 Decryption-key: ***********
🔓 Decrypted genesis.txt

$ ion up genesis.txt -to [email protected]

Sample email

Subject: You've got data!

Body: Download your data from https://s.apionic.com/lsYuh_genesis.txt

Leading encryption standard

Authenticated Encryption with Additional Authenticated Data (AEAD) couples confidentiality and integrity. ion uses the most popular AEAD today: AES-GCM.

The "AES-GCM" algorithm identifier is used to perform authenticated encryption and decryption using AES in Galois/Counter Mode, as described in NIST SP 800-38D.

ref paper: https://eprint.iacr.org/2017/168.pdf
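The following is an added example, not code from ion: it shows what the AEAD property above means in practice with Go's standard library, using a base64 32-byte key in the format printed under Usage. The helper names, the `nonce || ciphertext || tag` layout and the use of the object name as additional authenticated data are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
)

// Added example, not ion's code: helper names and the sealed layout are assumptions.
// newGCM builds AES-256-GCM from a base64 key in the format shown under Usage.
func newGCM(b64Key string) (cipher.AEAD, error) {
	key, err := base64.StdEncoding.DecodeString(b64Key)
	if err != nil || len(key) != 32 {
		return nil, errors.New("key must be 32 bytes, base64-encoded")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal returns nonce || ciphertext || tag. name is authenticated as AAD, not encrypted.
func Seal(aead cipher.AEAD, plaintext []byte, name string) ([]byte, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, []byte(name)), nil
}

// Open fails if the key, nonce, ciphertext, tag or name differ from what was sealed.
func Open(aead cipher.AEAD, sealed []byte, name string) ([]byte, error) {
	if len(sealed) < aead.NonceSize()+aead.Overhead() {
		return nil, errors.New("sealed object too short")
	}
	nonce, ct := sealed[:aead.NonceSize()], sealed[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, []byte(name))
}

func main() {
	aead, _ := newGCM("AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=") // constructed key
	sealed, _ := Seal(aead, []byte("constructed sample data"), "genesis.txt")
	sealed[len(sealed)-1] ^= 1 // flip one bit of the tag
	_, err := Open(aead, sealed, "genesis.txt")
	fmt.Println("tampered object rejected:", err != nil)
}
```

Seal and Open hold the whole object in memory, and a random 96-bit nonce is only safe for a bounded number of messages under one key, so multi-GiB objects call for chunked encryption with a fresh key or a counter-based nonce per chunk.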

Contributing

Any help, feedback and suggestions are very welcome and greatly appreciated. Start by opening an issue.

Motivation

It's hard to find a service one can completely trust -- everybody claims they're encrypting your data, although how can you be sure?

I believe the only way to trust what happens to your data is to see exactly the steps that lead to its manipulation, encryption & storage.

ion is F/OSS -- anyone can check how data is being encrypted and handled, spot eventual issues and fix insecurities.

Compliance (WIP)

Right now lsh stores the encryption keys in a key file, located in $HOME/.config/ion with 0600 permission. Ideally we'll have the keys stored in the macOS keychain -- although I don't know if there's something comparable for Linux and Windows.

To comply with regulators you might need to generate encryption keys using a Hardware Security Module aka HSM.

ion comes with an HSM plugin for GCP and AWS. These providers offer HSM as a service.

Configure the GCP/AWS environment variables in order to activate Cloud HSM; ref: https://.

In progress: #1

License

FOSSA Status