Security has been evolving with information technology, peoples find new ways to protect your data and privacy because we need to feel secure.
Sometimes you want to go deep into security and you start to put passwords everywhere. This is why WarShield was created.
What is WarShield?
WarShield is a CLI tool made to cipher and decipher your files with a password using AES-256. It was made to ensure a full files protection inside a USB flash drive or an external hard drive. If those are lost, malicious peoples can take over your files and their data.
This is when WarShield comes with his fast and reliable solution.
How to use WarShield?
WarShield can be installed with NPM:
npm install -g warshield
After the (very) short installation, you can use the warshield CLI.
warshield (encrypt|decrypt) (file)
The first argument is encrypt or decrypt, describing the wanted action. Don't worry if you try to decrypt something that isn't encrypted, it will not do it.
Next is the file (or folder) you want to encrypt/decrypt. If it's a folder, every files in it will be processed recursively.
Launching that command will make the program asking you the password you want or need to use to encrypt or decrypt the file.
When you launch the encryption/decryption, WarShield will scan all the wanted files first. If the selected file a folder, it can take a while depending on the files weight.
WarShield on NPM: https://www.npmjs.com/package/warshield/
Github repository: https://github.com/QuantumSheep/warshield/
Thanks to π this article if you enjoyed it :)
Latest comments (9)
Really nice job! Finally something lightweight to replace my classical
gpg -c --select-cipher AES256routine.Thanks! I'm happy to see that it's useful π
Hmmmmm interesting I think I like it....
Thanks for your article!
I just have a question: basic instructions about security and CLI, include the following advice: never put your password in a CLI instruction because it can be sniffed thanks some tools (like ps) and even simply end in your personal history.
For example, it is advised not to put directly your mysql password when using
mysql -uroot -ppassword mydatabase. It's advised to domysql -uroot -p mydatabaseand then give your password.Indeed, isnt't it a problem that anyone can decrypt your files with a simple
CTRL-R warshieldin your shell?I'm not a security expert, so I'm just asking cause I'm curious :).
The post isn't updated, WarShield had an update 12 days ago which fix this issue, now the password is asked in the process, outside the command :)
I'll fix the post, thanks to make me notice that!
Read the code, nice job @quantumsheep :)
I have used both aescrypt and gpg in the past, since these are usually available as standard packages in my target Linux distribution, however both have shortcomings: aescrypt is pretty raw with no output packaging format, so you have to store all the metadata elsewhere; gpg likes to manage your keys for you, which can be problematic when running in restricted environments (eg: without a home folder).
An excellent guide to using gpg or OpenSSL for command line crypto:
howtoforge.com/tutorial/linux-comm...
also demonstrates how fiddly it can be to use these raw tools.
Thanks!
GPG use CAST-128 which is less powerful than AES. However OpenSSL is powerful as it use AES.
OpenSSL can be a very great choice to encrypt files like WarShield do. Thanks for the link π
On Reddit and hackr.io you say itβs 3DES, which is it? Not that Iβm a security expert, but until this is peer reviewed by real security experts Iβd be careful about applying it. Still, nice to know it exists! Also, how does a mere mortal select and store a 256-bit key? If correct horse battery staple is only 44 bits Iβm going to need a 24 word passphrase?
3DES is deprecated, AES is the new data encryption standard. WarShield used 3DES in it's version 1, now it use AES-256 in version 2.
Don't worry for the passphrase, you can put any password you like :)