CatArmor is a powerful Command-Line Interface (CLI) utility designed for secure, symmetric file encryption and decryption. It uses pyca/cryptography for encryption, pydantic for validation, cyclopts for argument parsing, multiprocessing for parallel processing, and pytest for testing.

Supported Ciphers:

  • AES
  • Camellia
  • ChaCha20
  • SM4

Supported Key Derivation Functions (KDFs):

  • Argon2id
  • PBKDF2HMAC
  • Scrypt

Supported Hash Algorithms (for HMAC/KDF):

  • SHA1
  • SHA512_224
  • SHA512_256
  • SHA224
  • SHA256
  • SHA384
  • SHA512
  • SHA3_224
  • SHA3_256
  • SHA3_384
  • SHA3_512
  • SHAKE128
  • SHAKE256
  • MD5
  • BLAKE2b
  • BLAKE2s
  • SM3

$ catarmor --help
Usage: catarmor COMMAND

╭─ Commands ────────────────────────────────────────────────────────────────────────╮
│ decrypt    Decrypt one or more catarmor files.                                    │
│ encrypt    Encrypt one or more files using a password and a symmetric encryption  │
│            algorithm.                                                             │
│ --help -h  Display this message and exit.                                         │
│ --version  Display application version.                                           │
╰───────────────────────────────────────────────────────────────────────────────────╯

$ catarmor encrypt --help
Usage: catarmor encrypt [ARGS] [OPTIONS]

Encrypt one or more files using a password and a symmetric encryption algorithm.

╭─ Parameters ──────────────────────────────────────────────────────────────────────╮
│ *  SOURCE --source --empty-source  -i  The file(s) or directory to encrypt. If a  │
│                                        directory is specified, all files within   │
│                                        the directory will be encrypted.           │
│                                        [required]                                 │
│ *  DEST --dest                     -o  The output file or directory. If a         │
│                                        directory is specified, the encrypted      │
│                                        files will retain the same directory       │
│                                        structure as the source. [required]        │
│    PASSWORD --password             -p  The password used to derive encryption and │
│                                        HMAC keys. If not specified, the password  │
│                                        will be prompted for. [default: ]          │
│    JOBS --jobs                     -j  The number of parallel processes to use.   │
│                                        If 0, the number of available CPU cores    │
│                                        will be used. [default: 4]                 │
│    FORCE --force --no-force        -f  Overwrite existing file(s). [default:      │
│                                        False]                                     │
│    CIPHER --cipher                     The symmetric encryption algorithm for     │
│                                        encrypting the file contents. [choices:    │
│                                        aes, camellia, chacha20, sm4] [default:    │
│                                        aes]                                       │
│    HMAC --hmac                         The cryptographic hash function for        │
│                                        message authentication (HMAC). [choices:   │
│                                        sha1, sha512-224, sha512-256, sha224,      │
│                                        sha256, sha384, sha512, sha3-224,          │
│                                        sha3-256, sha3-384, sha3-512, shake128,    │
│                                        shake256, md5, blake2b, blake2s, sm3]      │
│                                        [default: sha512]                          │
│    KDF --kdf                           The key derivation function for deriving   │
│                                        the encryption and HMAC keys from the      │
│                                        input password. [choices: argon2id,        │
│                                        pbkdf2hmac, scrypt] [default: argon2id]    │
│    KEY-LENGTH --key-length             The length of the derived key in bytes.    │
│                                        Use 0 to automatically select the best key │
│                                        length. [default: 0]                       │
│    SALT-LENGTH --salt-length           The length of the salt in bytes.           │
│                                        Recommended to be at least 16 bytes.       │
│                                        [default: 32]                              │
│    PARALLEL-KDFS --parallel-kdfs       [default: 1]                               │
│    ARGON2-ITERATIONS                   Also known as passes, this is used to tune │
│      --argon2-iterations               the running time independently of the      │
│                                        memory size. [default: 1]                  │
│    ARGON2-LANES --argon2-lanes         The number of lanes (parallel threads) to  │
│                                        use. Also known as parallelism. [default:  │
│                                        4]                                         │
│    ARGON2-MEMORY --argon2-memory       The amount of memory to use in kibibytes.  │
│                                        1 kibibyte (KiB) is 1024 bytes. This must  │
│                                        be at minimum 8 * lanes. [default:         │
│                                        2097152]                                   │
│    PBKDF2-ALGORITHM                    The hash algorithm to use. [choices: sha1, │
│      --pbkdf2-algorithm                sha512-224, sha512-256, sha224, sha256,    │
│                                        sha384, sha512, sha3-224, sha3-256,        │
│                                        sha3-384, sha3-512, shake128, shake256,    │
│                                        md5, blake2b, blake2s, sm3] [default:      │
│                                        sha3-512]                                  │
│    PBKDF2-ITERATIONS                   The number of iterations to perform of the │
│      --pbkdf2-iterations               hash function. This can be used to control │
│                                        the length of time the operation takes.    │
│                                        Higher numbers help mitigate brute force   │
│                                        attacks against derived keys. [default:    │
│                                        1000000]                                   │
│    SCRYPT-N --scrypt-n                 CPU/Memory cost parameter. It must be      │
│                                        larger than 1 and be a power of 2.         │
│                                        [default: 1048576]                         │
│    SCRYPT-R --scrypt-r                 Block size parameter. [default: 8]         │
│    SCRYPT-P --scrypt-p                 Parallelization parameter. [default: 1]    │
│    LOGFILE --logfile                                                              │
╰───────────────────────────────────────────────────────────────────────────────────╯
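
The help text above says the password is run through a KDF to derive both the encryption key and the HMAC key. The following is an added example, not CatArmor's own code or file format, showing that pattern with scrypt and HMAC-SHA512 from the Python standard library. Assumptions: the function names, the salt || ciphertext || tag layout and the 32/64-byte key split are constructed for illustration, the cipher step is left out, and the ciphertext is treated as opaque bytes.

```python
import hashlib
import hmac
import os

SALT_LEN, TAG_LEN = 32, 64  # --salt-length default; HMAC-SHA512 tag size

def check_scrypt_params(n: int, r: int, p: int, salt_len: int) -> None:
    """Constraints from the help text; the salt recommendation is made a hard minimum here."""
    if n <= 1 or n & (n - 1):
        raise ValueError("scrypt n must be larger than 1 and a power of 2")
    if r < 1 or p < 1:
        raise ValueError("scrypt r and p must be positive")
    if salt_len < 16:
        raise ValueError("salt should be at least 16 bytes")

def scrypt_memory_bytes(n: int, r: int) -> int:
    """Approximate working memory of one scrypt derivation: 128 * n * r bytes."""
    return 128 * n * r

def derive_keys(password: bytes, salt: bytes, n: int, r: int, p: int):
    """Derive 96 bytes once and split them: 32 for the cipher, 64 for the HMAC."""
    check_scrypt_params(n, r, p, len(salt))
    maxmem = 128 * r * (n + p + 2) + 4096  # allow OpenSSL the memory n and r require
    okm = hashlib.scrypt(password, salt=salt, n=n, r=r, p=p, maxmem=maxmem, dklen=96)
    return okm[:32], okm[32:]

def seal(password: bytes, ciphertext: bytes, n=2**14, r=8, p=1) -> bytes:
    """Constructed layout (an assumption): salt || ciphertext || tag."""
    salt = os.urandom(SALT_LEN)
    _, mac_key = derive_keys(password, salt, n, r, p)
    tag = hmac.new(mac_key, salt + ciphertext, hashlib.sha512).digest()
    return salt + ciphertext + tag

def verify(password: bytes, blob: bytes, n=2**14, r=8, p=1) -> bytes:
    """Return the ciphertext only if the tag verifies, so nothing is decrypted first."""
    if len(blob) < SALT_LEN + TAG_LEN:
        raise ValueError("file too short to contain salt and tag")
    salt, body, tag = blob[:SALT_LEN], blob[SALT_LEN:-TAG_LEN], blob[-TAG_LEN:]
    _, mac_key = derive_keys(password, salt, n, r, p)
    expected = hmac.new(mac_key, salt + body, hashlib.sha512).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("authentication failed: wrong password or modified file")
    return body
```

The example defaults to n = 2**14 so it runs quickly. With the help text's defaults (--scrypt-n 1048576, --scrypt-r 8), scrypt_memory_bytes gives 1 GiB per derivation.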