loading...
Cover image for Protect your data with WarShield

Protect your data with WarShield

quantumsheep profile image Nathanael Demacon Updated on ・1 min read

Security has been evolving with information technology, peoples find new ways to protect your data and privacy because we need to feel secure.
Sometimes you want to go deep into security and you start to put passwords everywhere. This is why WarShield was created.

What is WarShield?

WarShield is a CLI tool made to cipher and decipher your files with a password using AES-256. It was made to ensure a full files protection inside a USB flash drive or an external hard drive. If those are lost, malicious peoples can take over your files and their data.

This is when WarShield comes with his fast and reliable solution.

How to use WarShield?

WarShield can be installed with NPM:

npm install -g warshield

After the (very) short installation, you can use the warshield CLI.

warshield (encrypt|decrypt) (file)

The first argument is encrypt or decrypt, describing the wanted action. Don't worry if you try to decrypt something that isn't encrypted, it will not do it.

Next is the file (or folder) you want to encrypt/decrypt. If it's a folder, every files in it will be processed recursively.

Launching that command will make the program asking you the password you want or need to use to encrypt or decrypt the file.

When you launch the encryption/decryption, WarShield will scan all the wanted files first. If the selected file a folder, it can take a while depending on the files weight.

WarShield on NPM: https://www.npmjs.com/package/warshield/
Github repository: https://github.com/QuantumSheep/warshield/

Thanks to 💖 this article if you enjoyed it :)

Discussion

markdown guide
 

Read the code, nice job @quantumsheep :)

I have used both aescrypt and gpg in the past, since these are usually available as standard packages in my target Linux distribution, however both have shortcomings: aescrypt is pretty raw with no output packaging format, so you have to store all the metadata elsewhere; gpg likes to manage your keys for you, which can be problematic when running in restricted environments (eg: without a home folder).

An excellent guide to using gpg or OpenSSL for command line crypto:
howtoforge.com/tutorial/linux-comm...
also demonstrates how fiddly it can be to use these raw tools.

 

Thanks!

GPG use CAST-128 which is less powerful than AES. However OpenSSL is powerful as it use AES.

OpenSSL can be a very great choice to encrypt files like WarShield do. Thanks for the link 😊

 

Thanks for your article!

I just have a question: basic instructions about security and CLI, include the following advice: never put your password in a CLI instruction because it can be sniffed thanks some tools (like ps) and even simply end in your personal history.

For example, it is advised not to put directly your mysql password when using mysql -uroot -ppassword mydatabase. It's advised to do mysql -uroot -p mydatabase and then give your password.

Indeed, isnt't it a problem that anyone can decrypt your files with a simple CTRL-R warshield in your shell?

I'm not a security expert, so I'm just asking cause I'm curious :).

 

The post isn't updated, WarShield had an update 12 days ago which fix this issue, now the password is asked in the process, outside the command :)

I'll fix the post, thanks to make me notice that!

 

On Reddit and hackr.io you say it’s 3DES, which is it? Not that I’m a security expert, but until this is peer reviewed by real security experts I’d be careful about applying it. Still, nice to know it exists! Also, how does a mere mortal select and store a 256-bit key? If correct horse battery staple is only 44 bits I’m going to need a 24 word passphrase?

 

3DES is deprecated, AES is the new data encryption standard. WarShield used 3DES in it's version 1, now it use AES-256 in version 2.
Don't worry for the passphrase, you can put any password you like :)

 

Hmmmmm interesting I think I like it....

 

Really nice job! Finally something lightweight to replace my classical gpg -c --select-cipher AES256 routine.

 

Thanks! I'm happy to see that it's useful 😊