Filippo Valsorda, tus kws tshaj lij crypto ua lub luag haujlwm rau kev ruaj ntseg ntawm Go programming lus ntawm Google, tau tshaj tawm thawj qhov kev tso tawm ruaj khov ntawm cov ntaub ntawv tshiab encryption siv hluav taws xob, Hnub Nyoog (Tswj Zoo Zoo Encryption). Lub tshuab hluav taws xob muab cov kab lus hais kom yooj yim rau kev nkag siab cov ntaub ntawv siv symmetric (password) thiab asymmetric (public key) cryptographic algorithms. Txoj haujlwm code yog sau rau hauv Go thiab faib raws li BSD daim ntawv tso cai. Kev tsim yog npaj rau Linux, FreeBSD, macOS thiab Windows.
Cov haujlwm yooj yim suav nrog hauv lub tsev qiv ntawv uas tuaj yeem siv los ua ke cov haujlwm ua haujlwm tau muab los ntawm kev siv hluav taws xob rau hauv koj cov haujlwm. Cais, nyob rau hauv lub moj khaum ntawm txoj kev npau taws, ib qho kev siv lwm txoj kev zoo sib xws thiab cov tsev qiv ntawv, sau ua lus Rust, tab tom tsim. Rau encryption, pov thawj algorithms yog siv: HKDF (HMAC-based Extract-and-Expand Key Derivation Function), SHA-256, HMAC (Hash-based Message Authentication Code), X25519, Scrypt thiab ChaCha20-Poly1305 AEAD.
Ntawm cov yam ntxwv ntawm Hnub Nyoog, cov hauv qab no sawv tawm: kev muaj peev xwm siv cov yuam sij 512-ntsis cov pej xeem, yooj yim pauv ntawm cov ntawv teev cia; yooj yim hais kom ua kab interface tsis overloaded nrog kev xaiv; tsis muaj configuration ntaub ntawv; Muaj peev xwm siv cov ntawv sau thiab ua ke nrog lwm cov khoom siv los ntawm kev tsim cov saw hlau hu hauv UNIX style. Ob leeg tsim koj tus kheej cov yuam sij compact thiab siv cov yuam sij SSH uas twb muaj lawm ("ssh-ed25519", "ssh-rsa") tau txais kev txhawb nqa, suav nrog kev txhawb nqa rau Github.keys cov ntaub ntawv. $ age-keygen -o key.txt Public key: age1ql3z7hjy58pw3hyww5ayyfg7zqgvc7w3j2elw2zmrj2kg5sfn9bqmcac8p $tar cvz ~/data | age -r age1ql3z7hjy58pw3hyww5ayyfg7zqgvc7w3j2elw2zmrj2kg5sfn9bqmcac8p > data.tar.gz.age $ age --decrypt -i key.txt data.tar.gz.age > data.tar.gz $25519pub.jpg ~/example -25519. > example.jpg.age $ age -d -i ~/.ssh/id_edXNUMX example.jpg.age > example.jpg
Muaj cov ntaub ntawv encryption hom rau ntau tus neeg tau txais ib zaug, nyob rau hauv uas cov ntaub ntawv yog ib txhij encrypted siv ob peb pej xeem yuam sij thiab txhua daim ntawv teev cov neeg txais yuav decrypt nws. Cov cuab yeej kuj tau muab rau kev sib koom ua ke ntawm tus password-raws li cov ntaub ntawv encryption thiab tiv thaiv cov ntaub ntawv tseem ceeb los ntawm kev encrypting lawv siv tus password. Ib qho tseem ceeb feature yog tias yog tias koj nkag mus rau ib lo lus zais dawb paug thaum lub sij hawm encryption, cov nqi hluav taws xob yuav cia li tsim thiab muab tus password muaj zog. $ age -p secrets.txt > secrets.txt.age Sau passphrase (tso tseg rau autogenerate ib tug ruaj ntseg): Siv cov autogenerated passphrase "tso- teb-step-brand-wrap-ankle-pair-unusual-sword-train" . $ age -d secrets.txt.age > secrets.txt Sau passphrase: $ age-keygen | Hnub nyoog -p> key.age.age Public: Age1YHM4GFTWFMRPZ87TDSLM530WRX6M79YY9F2HDZTAHNEHNEHNEHNEHNEHPQRJPYX0 ENTER PASSPHRASE (Tawm Empty to Autogenate aCure One): Siv "Autogened Passphrase-WASTOR-E-Password" - INPUT-Actress".
Cov phiaj xwm rau yav tom ntej suav nrog kev tsim cov backend rau khaws cov passwords thiab lub server rau cov yuam sij sib koom (PAKE), kev txhawb nqa rau YubiKey cov yuam sij, muaj peev xwm tsim cov yuam sij yooj yim-rau-nco hauv daim ntawv ntawm cov lus, thiab kev tsim. ntawm lub hnub nyoog-mount utility rau mounting encrypted cov ntaub ntawv los yog archives nyob rau hauv lub FS.
Tau qhov twg los: opennet.ru