sbox is a simple, command-line, passphrase-based file encryption utility for Unix systems.
sbox derives keys from passphrases via the
scrypt key derivation function , and then encrypts or decrypts data via the
crypto_aead_chacha20poly1305 family of functions from
sbox tries it's best not to damage any data if something goes wrong. For example, when writing an output file,
sbox will first create a temporary file in the same directory, and then rename it to the correct name. This way, even if
sbox is killed in the middle of operation (or your system suffers a power failure), the destination will never contain garbage data. The temporary file may remain in the case of such failures though.
The main reason for
sbox existence is the fact that other passphrase-based encryption utilities either use inappropriate key derivation functions (e.g.
openssl enc uses MD5 by default;
vim -x uses SHA256 repeated 1001 times), or do not provide a way to easilly edit encrypted files (e.g. to edit an encrypted file using the
scrypt utility , you'd need to enter your passphrase three times: once to decrypt, two more times to encrypt back).
You can obtain
sbox sources either at , or directly via mercurial like this:
hg clone http://hg.tx97.net/sbox/
sbox, make sure you have
libsodium  installed, and simply run
make in the directory with
usage: sbox encrypt src dst sbox decrypt src dst sbox recrypt path sbox cat path sbox test path sbox edit path
Please read the full manual page at  for a more detailed description.