sbox is a simple, command-line, passphrase-based file encryption utility for Unix systems.
sbox derives keys from passphrases via the scrypt key derivation function [3], and then encrypts or decrypts data via the crypto_aead_chacha20poly1305 family of functions from libsodium [4].
sbox tries its best not to damage any data if something goes wrong. For example, when writing an output file, sbox will first create a temporary file in the same directory, and then rename it to the correct name. This way, even if sbox is killed in the middle of operation (or your system suffers a power failure), the destination will never contain garbage data. The temporary file may remain in the case of such failures though.
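The temporary-file-then-rename pattern described above, as an added C example; it is not taken from the sbox sources, and the helper name atomic_write and the .tmp.XXXXXX template are assumptions. It shows why the temporary file has to live in the destination's directory and where the fsync belongs.

```c
/* Added illustration, not sbox source: write to a temp file, then rename. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <libgen.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: replace `path` with `len` bytes from `buf`.
 * Returns 0 on success, -1 on failure (the destination is left untouched). */
int atomic_write(const char *path, const void *buf, size_t len)
{
    char dirbuf[PATH_MAX], tmp[PATH_MAX];
    const char *p = buf;
    int fd, n;

    /* dirname() may modify its argument, so work on a copy. */
    if (strlen(path) >= sizeof dirbuf) return -1;
    strcpy(dirbuf, path);
    /* Same directory as the destination: rename(2) is atomic only
     * within a single filesystem. */
    n = snprintf(tmp, sizeof tmp, "%s/.tmp.XXXXXX", dirname(dirbuf));
    if (n < 0 || (size_t)n >= sizeof tmp) return -1;

    fd = mkstemp(tmp);              /* exclusive create, mode 0600 */
    if (fd < 0) return -1;

    while (len > 0) {               /* cope with short writes */
        ssize_t w = write(fd, p, len);
        if (w < 0) { if (errno == EINTR) continue; goto fail; }
        p += w; len -= (size_t)w;
    }
    /* Data must reach the disk before the rename makes it visible. */
    if (fsync(fd) != 0) goto fail;
    if (close(fd) != 0) { fd = -1; goto fail; }
    fd = -1;
    if (rename(tmp, path) != 0) goto fail;
    return 0;

fail:
    if (fd >= 0) close(fd);
    unlink(tmp);                    /* best-effort cleanup */
    return -1;
}
```

If the process is killed between mkstemp and rename, the cleanup path never runs, which is the leftover temporary file mentioned above.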
The main reason for sbox's existence is the fact that other passphrase-based encryption utilities either use inappropriate key derivation functions (e.g. openssl enc uses MD5 by default; vim -x uses SHA256 repeated 1001 times), or do not provide a way to easily edit encrypted files (e.g. to edit an encrypted file using the scrypt utility [3], you’d need to enter your passphrase three times: once to decrypt, two more times to encrypt back).
You can obtain sbox sources either at [1], or directly via mercurial like this:
hg clone http://hg.tx97.net/sbox/
To build sbox, make sure you have libsodium [4] installed, and simply run make in the directory with sbox sources.
usage: sbox encrypt src dst
       sbox decrypt src dst
       sbox recrypt path
       sbox cat path
       sbox test path
       sbox edit path
Please read the full manual page at [2] for a more detailed description.
sbox is stable, useful, and essentially done.