# triops: a multiplatform cmdline encryption tool using CHACHA + KECCAK

I’ve developed in C a simple command line tool for encryption/decryption of files, which I have named triops.

It uses CHACHA20 as algorithm for encryption/decryption and KECCAK-512 as hash algorithm.

Source code is available at github.

Executables for some platforms (linux, Windows, HP-UX, Solaris, and Android) are available here. For latest code changes, check github.

Though the code has been thoroughly tested and checked, I must say of course that “This software is provided as-is with no particular or general promise of operation for any application“.

Features:

• Code can be compiled with any C99 compiler, no matter platform, endianness or word size (32-64 bits): it has been tested on Windows, linux, Android, Solaris, HP-UX OS’s and Intel/AMD, MIPS, ARM and Itanium processors.
• Same content produces different encrypted outputs every time. This is attained with a random initialization vector (IV) stored within the encrypted file.
• Files are (by default) encrypted/decrypted on-the-fly, so content is overwritten. This is interesting from a security point of view, as no clear content is left on disk.
• When decrypting, if password is not the one used for encrypting, the process is aborted, so the file cannot be rendered unusable. This behaviour is achieved thanks to a password hint stored within the encrypted file. (This hint can optionally not be stored: in this case the file could end up being decrypted with an incorrect password, so its contents would be irrecoverable.)
• Mentioned hint used to check that the password for decryption is correct is *not* the same used to encrypt (obviously!). Separate hashes are used for both purposes, though both are derived via different ways from the password and IV, using some 500-1000 concatenated KECCAK hashes.
• Open file format: see this post.
• File modification time is maintained. File dates are important!
• Encrypted files are appended the extension .ooo to filename, so they can be recognized. (Yeah, it mimics the three eyes of a triops)
• Password can be obtained from keyboard, command line or from a file. Caution: usually text files end with a [return] (line feed, \n, \r\n, \r) which will be used as the rest of chars in the file as part of the password. (Use $cat > password + Ctrl+D to avoid this). Also note that there’s a limit on the number of characters that will be read from the file… that’d be about two hundred chars at least (!). • Any file can be used as password (from v7.2): for example jpg images, etc. Caution: do not lose this ‘password’ file and do not modify it! • From v9.0, files can be managed from stdin and to stdout on-the-fly. This has been achieved at the cost that files encrypted with version < 9.0 can be decrypted with greater versions, but in general files encrypted with version >=9.0 cannot be decrypted with previous versions. It’s not that the format has changed so much, it’s just that previous versions don’t expect things the way v9.0 write them to be “cmdline-pipe-safe”. • Speed is extremely high, as CHACHA20 is a very fast encryption algorithm: it is as fast as RC4. • Reduced program size: < 100 kiB on all platforms. • from v7.2: binary files can be used as passwords: for example jpg images, etc. Caution: do not lose this ‘password’ file and do not modify it! (Note that provided executables are v7.1). • from v7.3: no limit on the size of files read/written (up to 8 EiB = 2^63 bytes, or the max filesystem file size). • easily portable to Android as a JNI library. Check “ANDROID_LIBRARY” in the source code. • Licensed as GPL v3. Known limitations: • Previous to v7.3 files greater than 2 GiB (4 GiB in Windows) could not be managed. Compilation on linux with gcc: a one-line (purported) “Makefile” file is provided:$ bash Makefile

For other compilers or platforms, modify the gcc command line contained in the Makefile file as convenient.

Please see github repository for more compiling instructions if needed.

Examples of use:

$./triops.exe -h triops v9.0. (goo.gl/lqT5eP) (wp.me/p2FmmK-7Q) Encrypt and decrypt files with secure password checking and data overwriting, using CHACHA20 and KECCAK-512 algorithms.$ triops {-kpP} [-oOiedHbh] <file> …

<file> … : one or more files to encrypt/decrypt
If no file is indicated, stdin is used.
-k : read passphrase from keyboard
(beware of shell history!)
-o <output_file>: do not overwrite, but write to <output_file>
-O : write output to stdout.
-o or -O options aren’t possible with multiple input files.
-i <file> : input file (do not indicate more files at the end)
-e <type>: encrypt.
Actually only ‘-e 3’ is allowed
File extension will be ‘.ooo’ (‘.$#3’ for triops < v9.0) Other algorithms could be available in the future. -d : decrypt. This is the default action. -H : do not store password hint when encrypting Note that this way, an incorrect decryption password with data overwrting, will render the file unusable. -b : break actions on first error encountered -h : print this help Example of encryption: encrypt plaintext.txt file, overwriting it, using password stored in file “password.txt”. Resulting file will be renamed plaintext.txt.$#3

$triops -P password.txt -e 3 plaintext.txt Example of encryption: encrypt plaintext.txt file on encryptedtext.txt.$#3, using password stored in file “password.txt” (Caution: usually text files end with a [return] (line feed, \n, \r\n, \r) which will be used as the rest of chars in the file as part of the password. (Use $cat > password + Ctrl+D to avoid this)):$ triops -P password.txt -e 3 -o encryptedtext.txt plaintext.txt

Example of encryption: encrypt complexdata.tgz file, overwriting it, using the password introduced with keyboard:

$triops -k -e 3 complexdata.tgz Enter password and press [enter]: —-+—-+—-+—-+—1/2—+—-+—-+—-+—-+ 1293 MiB ################################# 100% completed Example of encryption: encrypt plaintext.txt file, overwriting it, using the password “go_triops”:$ triops -p go_triops -e 3 plaintext.txt

Example of decryption: decrypt plaintext.txt.ooo file, overwriting it, using the password “go_triops”:

$triops.exe -p go_triops plaintext.txt.ooo Example of encryption without storing password hash (-H):$ triops -k -H -e 3 plaintext.txt

Testing the app on-the-fly using stdin and stdout (using -O to send output to stdout, and no input file: so input is read from stdin):

$cat bigDataFile | triops -P password.tiff -e 3 -O | triops -P password.tiff -O | md5sum Algorithms are based on reference implementation of CHACHA20 implemented by algorithm’s creator (D. J. Bernstein), and the implementation of KECCAK made by Thomas Pornin. Both can be found at this website: http://hyperelliptic.org/ebats/supercop-20141124.tar.bz2 \supercop-20141124\crypto_stream\chacha20\e\ref\ \supercop-20141124\crypto_hash\keccakc512\sphlib\ CHACHA20 algorithm has been tested against test vectors found here: http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-04#section-7 http://tools.ietf.org/html/draft-nir-cfrg-chacha20-poly1305-04#appendix-A.2 KECCAK algorithm has been tested against test vectors found here: http://keccak.noekeon.org/KeccakKAT-3.zip \KeccakKAT\ShortMsgKAT_512.txt btw, Triops is a genus of small crustaceans in the order Notostraca (tadpole shrimp). Some species are considered living fossils, with a fossil record that reaches back to the late Carboniferous, . [Text and image extracted from wikipedia] Advertisements ## 11 thoughts on “triops: a multiplatform cmdline encryption tool using CHACHA + KECCAK” 1. André Dussault says: Has anyone tried to compile TRIOPS using VisualStudio 2013? I tried and changed the #undef WINDOWS_PLATFORM for #define WINDOWS_PLATFORM And tne I started to get a considerable number of errors…. Just from the triops.h file • Hi André, No, It’s not been coded with VisualStudio in mind… It’s more gcc oriented: in fact it compiles with gcc in Windows. Perhaps the errors come from windef.h in which there’re a lot of (re)definitions that VS probably dislikes: try not to use that file and see what happens, if VS is a must. (Remember also that there are binaries available for a lot of platforms.) • André Dussault says: Thank you for the advice. I currently am moving to use MinGC. I am left to correctly use the accompanying Makefile. Any hints about that? Please. • it’s not a true “Makefile”: it’s just the command line you need to compile triops – you can just execute it directly: gcc -iquote . triops.c -I chacha20 -I chacha20/e -I chacha20/include chacha20/chacha.c chacha20/api.c -I keccak keccak/hash.c keccak/keccak.c -o triops.exe -O3 • André Dussault says: It was not llokink like a standard make. Right. Thank you for the input. I am reinstalling my computer because of the newer Win10 which caused a huge bug… :) • André Dussault says: Hello again, The reason for my interest in the triops project is for DECRYPTING Triops-encrypted files. The decryption will be made on a microcontroller platform. It will be a 32-bit microcontroller, the Microchip PIC32MX. The main interest is to make the decrypter as “small” as possible in terms of RAM and ROM. In that respect, would you have suggestions or even a version of Triops that would be smaller? I understand very well that that approach would make the code run slower but it is not of major concern in my case. Thanking you in advance, AD • Hi André, That seems a very interesting project :-) I’m wondering what the final use could be! I do not have experience with microcontrollers, so I’m not sure if rom&ram will be enough, or if you’ll be able to compile triops at all, even though it has pretty reduced needs as for libraries used. Anyway, if you’re able to compile and run it ( and I hope so! :-) to reduce code size, you should try “-Os” if the compiler allows that. The code can be reduced if you’re not going to use keyboard input, removing the final code in triops.c (// specific *nix keyboard and screen functions,…) and emptying obtainPasswordFromKeyboard(). You can also get rid of getopt() replacing its while{} loop in main() with a simple for{} loop, if you’re able to just pass parameters in a fixed order. But this work depends on how much ROM available do you have… As decryption and encryption use the same code, there’s no way to reduce code there, even if only goal is decryption. Regarding RAM use, you can reduce the definition of BUFFERSIZE from 16384 to just 128 or any multiple of 64 above this (I haven’t test this, but afaik it’d be safe). Good news is that CHACHA20 is extremely fast, so you’ll have almost the fastest decryption that can be compiled in that platform (excluding firmware/cpu embedded algorithms in case they exist there). Also, I’d like to tell you that I’m preparing a new version of triops that can directly encrypt/decrypt using stdin/stdout. I don’t know if this could be useful for your project: Actually this cannot be done, and the only available input are files. This will surely means that the code might grow a little (< 5 kiB), and though the files already encrypted with previous versions will be decrypted without problem with the new version (not from stdin, though, only as files), the files encrypted with the new version will not be backwards compatible… This feature make triops much more usable from cmdline and funny. For example, it'll allow on-the-fly tests like this:$ cat bigfile | triops -e 3 -P passwd.txt -O | triops -d -P passwd.txt -O | md5sum

• André Dussault says:

Thank you again for the comments. I will take care to examine them all.I will nkt be running «in circulos» :-)
I have already started trying to compile the Triops code in the PIC32 environment. Obviously the file and screen procedures are being eliminated. principally because it will be a completely self-contained application and the input file will be stored in Flash EEPROM but the result will be programmed into the processor’s Flash memory.

All of the “printf” will eventually be eliminated.

I am currently struggling to get the important defines to align with the PIC32 compiler.

Anyway, it may be interesting to see how much code I will be able to make it to stand in at the end. That is the main problem I have to overcome. Yes chacha is very small but I have to see how much more the hash functions will add.

I will keep you posted.