Commit
0 parents
commit 9a65665
Showing
29 changed files
with
1,380 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
# To get started with Dependabot version updates, you'll need to specify which | ||
# package ecosystems to update and where the package manifests are located. | ||
# Please see the documentation for all configuration options: | ||
# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates | ||
|
||
version: 2 | ||
updates: | ||
# Maintain dependencies for GitHub Actions | ||
- package-ecosystem: "github-actions" | ||
directory: "/" | ||
schedule: | ||
interval: "daily" | ||
|
||
# Maintain dependencies for the backend | ||
- package-ecosystem: "gomod" | ||
directory: "/" | ||
schedule: | ||
interval: "daily" | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
name: release | ||
|
||
# Publish new release on new tag push | ||
on: | ||
push: | ||
tags: | ||
- '*' | ||
|
||
jobs: | ||
release: | ||
name: Release | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/setup-go@v2 | ||
|
||
- uses: actions/checkout@v2 | ||
|
||
- uses: goreleaser/goreleaser-action@v2.4.1 | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GORELEASER_GITHUB_TOKEN }} | ||
with: | ||
version: latest | ||
args: release --rm-dist |
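Review bot: The three `uses:` steps in this release job reference mutable tags (`actions/setup-go@v2`, `actions/checkout@v2`, `goreleaser/goreleaser-action@v2.4.1`) and the goreleaser step also sets `version: latest`, so code that can change upstream without any commit here runs with `secrets.GORELEASER_GITHUB_TOKEN` in its environment. Pinning each action to a full commit SHA, e.g. `- uses: actions/checkout@<full-commit-sha>  # v2`, and setting `version:` to a fixed GoReleaser release keeps a tagged build tied to reviewed inputs; the Dependabot `github-actions` entry added in this commit can then propose the bumps. The test workflow added in the same commit uses the same tag-style references, and neither workflow declares a `permissions:` block, so the default token scope applies to both; `permissions:` with `contents: read` would be enough for the test job.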
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
name: test | ||
|
||
on: [push, pull_request] | ||
|
||
jobs: | ||
build-test: | ||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- uses: actions/checkout@v2 | ||
|
||
# Setup Golang | ||
- uses: actions/setup-go@v2 | ||
|
||
# Cache | ||
- uses: actions/cache@v2 | ||
with: | ||
path: ~/go/pkg/mod | ||
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | ||
restore-keys: | | ||
${{ runner.os }}-go- | ||
# Build and test | ||
- run: make build test |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
**/.DS_Store | ||
*.pid | ||
*.sublime* | ||
.idea/ | ||
.vscode/ | ||
coverage | ||
coverage.out | ||
lastupdate.tmp | ||
*.bin | ||
dist/* |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
project_name: covert | ||
release: | ||
github: | ||
owner: covert | ||
name: covert | ||
name_template: 'Release {{.Tag}}' | ||
before: | ||
hooks: | ||
- go mod download | ||
builds: | ||
- binary: covert | ||
env: | ||
- CGO_ENABLED=0 | ||
- GO111MODULE=on | ||
ldflags: -s -w -X main.GitCommit={{ .ShortCommit }} -X main.BuildDate={{ .Timestamp }} | ||
goos: | ||
- linux | ||
- darwin | ||
- windows | ||
goarch: | ||
- 386 | ||
- amd64 | ||
- arm | ||
- arm64 | ||
goarm: | ||
- 7 | ||
archives: | ||
- name_template: '{{.ProjectName}}-{{.Tag}}-{{.Os}}-{{.Arch}}{{if .Arm}}{{.Arm}}{{end}}' | ||
replacements: | ||
darwin: darwin | ||
linux: linux | ||
windows: windows | ||
amd64: amd64 | ||
arm: arm | ||
arm64: arm64 | ||
format: tar.gz | ||
format_overrides: | ||
- goos: windows | ||
format: zip | ||
files: | ||
- LICENSE | ||
- README.md | ||
checksum: | ||
name_template: 'checksums.txt' | ||
algorithm: sha256 | ||
snapshot: | ||
name_template: "{{ .Tag }}-next" | ||
changelog: | ||
sort: asc | ||
filters: | ||
exclude: | ||
- '^tests:' |
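Review bot: The `checksum:` block publishes `checksums.txt` with sha256 but nothing signs it, so a downloader can only compare the archives against a file that sits beside them in the same release. For an encryption tool it is worth adding a `signs:` section covering the checksum file (`signs:` followed by `- artifacts: checksum`) and documenting the verification key in the README. Separately, the `replacements:` map under `archives` maps every name to itself and can be dropped. The `-X main.GitCommit` and `-X main.BuildDate` ldflags only take effect if package main declares those string variables, which the main.go section shown on this page does not; presumably they live in another file, but the linker does not complain about unknown symbols, so it is worth confirming.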
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
build: | ||
go build -o dist/covert-darwin-arm cmd/*.go | ||
|
||
test: | ||
go fmt ./... | ||
go test -v ./... -coverprofile=coverage.out | ||
|
||
coverage: | ||
go tool cover -html=coverage.out |
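Review bot: The `test` target runs `go fmt ./...`, which rewrites files and exits 0, so in the CI job (`make build test`) unformatted code is never reported as a failure. A check that fails instead would be `test -z "$$(gofmt -l .)"` as the first recipe line of `test`. The `build` target also writes `dist/covert-darwin-arm` whatever the host platform is, which mislabels the binary produced on the `ubuntu-latest` runner; something like `go build -o dist/covert ./cmd` would avoid the fixed name, assuming the main package is the `cmd` directory as the glob suggests.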
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
# Covert | ||
|
||
Covert is a deniable encryption software. | ||
|
||
## Disclaimer | ||
|
||
Covert is an early stage **research prototype** and comes with absolutely **no warranty**. | ||
|
||
## Description | ||
|
||
"In cryptography and steganography, plausibly deniable encryption describes encryption techniques where | ||
the existence of an encrypted file or message is deniable in the sense that an adversary cannot prove | ||
that the plaintext data exists." – [Wikipedia](https://en.wikipedia.org/wiki/Deniable_encryption) | ||
|
||
## Scenario | ||
|
||
Deniable encryption allows the sender of an encrypted message to deny sending that message. This requires a trusted | ||
third party. A possible scenario looks like this: | ||
|
||
Bob needs to travel to a country with a legislation that requires individuals to surrender cryptographic keys to law | ||
enforcement. That being the case, Bob wants to keep his private data out of their eyes, to protect his privacy. He | ||
creates two keys, one intended to be kept secret, the other intended to be sacrificed. | ||
|
||
Bob constructs an innocuous message M1 (intended to be revealed to the police in case of discovery) and another one, | ||
containing the personal data M2 he does not want anyone to know about. | ||
|
||
He constructs a cipher-text C out of both messages, M1 and M2, stores it on his device. | ||
|
||
Bob travels to the country, passes the border control and later uses his key to decrypt M2 (and possibly M1, in order | ||
to read the fake message, too). | ||
|
||
The police arrest Bob at the border control and finds the encrypted blob on his device, becomes suspicious and forces | ||
Bob to decrypt the message. | ||
|
||
Bob uses the sacrificial key and reveals the innocuous message M1 to the police. Since it is impossible for the police | ||
to know for sure that there might be other messages contained in C, they might assume that there are no other messages. | ||
|
||
## Goals | ||
|
||
Bear in mind this project was created with the _requirements_ below in mind, it may not suit your use case. | ||
|
||
### Requirements | ||
|
||
* Use known and proven cryptographic algorithms (AES-256, PBKDF2) and libraries. | ||
* The system must be mathematically indecipherable without the key. | ||
* The mechanism should not require secrecy, and it should not be a problem if it falls into enemy hands. | ||
* An adversary cannot prove concealed content exists without observing the program's execution during encryption. | ||
* Portable, without any system dependencies (statically linked binaries). | ||
* Does not require kernel or userspace filesystems. | ||
|
||
## Documentation | ||
|
||
All the documentation lives in the `docs` folder. | ||
|
||
- [usage](docs/usage.md) | ||
- [approach](docs/approach.md) | ||
|
||
## License | ||
|
||
GNU General Public License version 3. |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,74 @@ | ||
package main | ||
|
||
import ( | ||
"errors" | ||
"flag" | ||
"fmt" | ||
"os" | ||
) | ||
|
||
var usage = `usage: covert [--version] [--help] | ||
encrypt - encrypt the given file(s) into a series volume, you can specifie as many -in/-key pair as you need. | ||
-in name of the file to be encrypted | ||
-key secret key to use to encrypt the data | ||
example: encrypt -in example.txt -key my-secret-key | ||
decrypt - search for a volume matching the given key and output the data to a file if found. | ||
example: decrypt -out example.txt -key my-secret-key | ||
` | ||
|
||
func main() { | ||
if err := root(os.Args[1:]); err != nil { | ||
fmt.Println("\nError:", err) | ||
os.Exit(1) | ||
} | ||
|
||
flag.Bool("help", false, "display the usage") | ||
flag.Bool("version", false, "display the version") | ||
flag.Parse() | ||
} | ||
|
||
type Runner interface { | ||
Init([]string) error | ||
Name() string | ||
Validate() error | ||
Run() error | ||
} | ||
|
||
func root(args []string) error { | ||
if len(args) < 1 { | ||
return errors.New(usage) | ||
} | ||
|
||
fmt.Println(args) | ||
|
||
subcommand := args[0] | ||
|
||
cmds := []Runner{ | ||
NewEncryptCmd(), | ||
NewDecryptCmd(), | ||
} | ||
|
||
for _, cmd := range cmds { | ||
if cmd.Name() == subcommand { | ||
var err error | ||
err = cmd.Init(args[1:]) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
err = cmd.Validate() | ||
if err != nil { | ||
return err | ||
} | ||
|
||
return cmd.Run() | ||
} | ||
} | ||
|
||
return fmt.Errorf("unknown subcommand: %s", subcommand) | ||
} |
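Review bot: `fmt.Println(args)` in `root` prints the full argument vector, which per the usage text includes the value passed to `-key`, so the secret is echoed to stdout and into anything that captures it; the line reads like leftover debugging and should be deleted. Accepting the key as a flag value at all (`-key my-secret-key`) also leaves it in shell history and visible in the process list, so a prompt or a key-file option would be the safer interface; the flag handling itself is in the encrypt/decrypt commands, outside this section. In `main`, the `flag.Bool("help", …)`, `flag.Bool("version", …)` and `flag.Parse()` calls run only after `root` has already returned and their results are discarded, so `--help` and `--version` advertised in `usage` would fall through to the `unknown subcommand` error; they need to be handled before the subcommand dispatch.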