bessie 0.1.0

an authenticated, chunked cipher based on BLAKE3
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74

<h1>Bessie<a href="https://github.com/oconnor663/bessie/actions"><img align="right" src="https://github.com/oconnor663/bessie/workflows/tests/badge.svg"></a></h1>

[docs.rs](https://docs.rs/bessie) — [crates.io lib](https://crates.io/crates/bessie) — [crates.io bin](https://crates.io/crates/bessie_bin)

Bessie is an authenticated, chunked cipher based on
[BLAKE3](https://github.com/BLAKE3-team/BLAKE3). The [design](./design.md) has
been stable for a while, but it hasn't been audited or used in the real world
as far as I know. Use with caution.

Features and design goals:

- general-purpose authenticated encryption
- no practical limits on the number or size of messages
- internal random nonce generation, to prevent mistakes
- streaming encryption and decryption of large messages
- seekable decryption of large messages
- low overhead for small messages
- key commitment

Non-features and non-goals:

- Not formally/strongly misuse-resistant. Generating random nonces internally
  avoids a lot of common mistakes, and mixing auth tags into the stream makes
  nonce reuse somewhat less catastrophic. But nonce reuse does allow an
  attacker to mix-and-match chunks from different messages, and
  chunked/streaming constructions are also [inherently vulnerable to nonce
  reuse exploits](https://web.cs.ucdavis.edu/~rogaway/papers/oae.pdf) that
  all-at-once constructions like AES-SIV are not.
- No built-in associated data parameters. Callers who need associated data can
  mix it with their key using a KDF or a keyed hash.

Although the Bessie cipher and its library implementations are eventually
intended for production use, the `bessie` CLI tool will always be for testing
and demo purposes only. A general-purpose encryption CLI for real people needs
to support public-key encryption and various ways of encoding and managing
keys, neither of which are in scope for this project. If you are a real person
and you need a general-purpose encryption CLI, consider
[`age`](https://github.com/FiloSottile/age).

## Usage

To install the `bessie` CLI tool, which is for testing and demo purposes only:

```
cargo install bessie_bin
```

Or to build and install from this repo:

```
cargo install --path rust/bin
```

To encrypt and decrypt a 1 MB file using the all-zero key (seriously, testing
and demo purposes only):

```
head -c 1000000 /dev/urandom > myfile
bessie encrypt zero myfile myfile_enc
bessie decrypt zero myfile_enc myfile_copy
cmp myfile myfile_copy
```

To decrypt just the last byte of the encrypted file:

```
bessie decrypt zero myfile_enc myfile_last --seek=999999
```

To run tests for the whole project:

```
./test.py
```