sbox

sbox is a simple, command-line, passphrase-based file encryption utility for Unix systems.

sbox derives keys from passphrases via the scrypt key derivation function [3], and then encrypts or decrypts data via the crypto_aead_chacha20poly1305 family of functions from libsodium [4].

sbox tries its best not to damage any data if something goes wrong. For example, when writing an output file, sbox first creates a temporary file in the same directory and then renames it to the correct name. This way, even if sbox is killed in the middle of an operation (or your system suffers a power failure), the destination will never contain garbage data. The temporary file may remain after such failures, though.
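The write-then-rename pattern described above, shown as an added example for POSIX systems (this is not sbox's own code). The function name atomic_write and the ".tmp.XXXXXX" temporary file name are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper (not sbox's function): write len bytes of buf to dst
 * so that dst holds either its old content or the complete new content. */
int atomic_write(const char *dst, const void *buf, size_t len)
{
    char tmp[4096];
    const char *slash = strrchr(dst, '/');
    int dirlen = slash ? (int)(slash - dst) + 1 : 0;

    /* The temp file must live in dst's directory: rename(2) is atomic only
     * within one filesystem. */
    if (snprintf(tmp, sizeof tmp, "%.*s.tmp.XXXXXX", dirlen, dst) >= (int)sizeof tmp)
        return -1;

    int fd = mkstemp(tmp);          /* unique name, created O_EXCL, mode 0600 */
    if (fd < 0)
        return -1;

    const char *p = buf;
    while (len > 0) {               /* write(2) may write less than asked */
        ssize_t n = write(fd, p, len);
        if (n < 0) {
            if (errno == EINTR) continue;
            goto fail;
        }
        p += n;
        len -= (size_t)n;
    }
    if (fsync(fd) != 0) goto fail;  /* flush data before the name is switched */
    if (close(fd) != 0) { fd = -1; goto fail; }
    fd = -1;
    if (rename(tmp, dst) != 0) goto fail;   /* atomically replaces dst */
    return 0;

fail:
    if (fd >= 0) close(fd);
    unlink(tmp);                    /* on ordinary errors, leave nothing behind */
    return -1;
}
```

If the process is killed between mkstemp() and rename(), the temporary file stays behind, which is the leftover the paragraph above mentions. The example does not fsync the containing directory, so the rename itself may not yet be on disk when a power failure occurs.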

The main reason for sbox's existence is that other passphrase-based encryption utilities either use inappropriate key derivation functions (e.g. openssl enc uses MD5 by default; vim -x uses SHA256 repeated 1001 times), or do not provide a way to easily edit encrypted files (e.g. to edit an encrypted file using the scrypt utility [3], you'd need to enter your passphrase three times: once to decrypt, two more times to encrypt back).

How to fetch & install

You can obtain the sbox sources either at [1], or directly via Mercurial like this:

hg clone http://hg.tx97.net/sbox/

To build sbox, make sure you have libsodium [4] installed, then simply run make in the directory containing the sbox sources.

How to use

usage: sbox encrypt src dst
       sbox decrypt src dst
       sbox recrypt path
       sbox cat path
       sbox test path
       sbox edit path

Please read the full manual page at [2] for a more detailed description.

References

  1. http://hg.tx97.net/sbox/
  2. http://manweb.tx97.net/http://hg.tx97.net/sbox/raw-file/tip/sbox.1
  3. http://www.tarsnap.com/scrypt.html
  4. http://libsodium.org/