libencio 0.1 - stdio-like encryption layer

Mario Juric <mjuric@astro.princeton.edu>
last updated December 11, 2004

What is libencio?

libencio is a library providing a stdio-like interface for reading and writing encrypted files in MCrypt format. Additionally, through creation of an "index", libencio provides full support for fseek()-like random read access to encrypted data. This allows one to operate on MCrypt-encrypted files as if they were ordinary, cleartext files. Things like this:

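#include <stdio.h>
#include "encio.h"

/* Encrypt stdin into the file named by argv[2], using the passphrase in argv[1]. */
int main(int argc, char **argv)
{
  ENCFILE *ef;
  char buf[1000];
  char *passphrase;
  char *output;
  size_t nread;

  if (argc < 3)
  {
    fprintf(stderr, "usage: %s passphrase output\n", argv[0]);
    return 1;
  }

  /* a passphrase given in argv is visible in the process list */
  passphrase = argv[1];
  output = argv[2];

  ef = enc_fopen(output, "wb", passphrase);

  /* loop on fread()'s return value; stop at end of file or on error */
  while ((nread = fread(buf, 1, sizeof buf, stdin)) > 0)
  {
    enc_fwrite(ef, 1, buf, nread);
  }

  enc_fclose(ef);
  return 0;
}

or this
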
#include <stdio.h>
#include "encio.h"

int main(int argc, char **argv)
{
  ENCFILE *ef;
  char buf[101] = {0};  /* one spare byte keeps buf NUL-terminated */
  char *passphrase = "acomplicatedpassphrase";

  ef = enc_fopen("test.txt.nc", "rb", passphrase);
  /* attach an index so that enc_fseek() can be used on the encrypted file */
  enc_add_index(ef, "test.txt.ix", passphrase, INDEX_LOAD | INDEX_CREATE | INDEX_SAVE);

  enc_fread(ef, 1, buf, 100);
  printf("First 100 bytes of the file: %s", buf);

  /* seek relative to the end of the file to reach its last 100 bytes */
  enc_fseek(ef, -100, SEEK_END);
  enc_fread(ef, 1, buf, 100);
  printf("Last 100 bytes of the file: %s", buf);

  enc_fclose(ef);
  return 0;
}

become possible.

The main motivation for this library was to create code for easy random access of encrypted data for a project I'm working on. This is a preliminary, proof-of-concept release, able to seek/encrypt/decrypt to MCrypt format only and with symmetric encryption algorithms only. The final goal is to implement reading, writing and seeking of data in OpenPGP format, with support for public key algorithms. As it's an open question how much time I will have to continue working on it, I'm putting it out in case someone finds it useful. I will, however, accept patches and bugfixes.

A library like this one can be used to provide MUAs (mail readers) with a layer to transparently handle encrypted attachments, or, more interestingly, as a backend to software such as ffmpeg or mplayer to directly play encrypted files without making temporary, decrypted copies. Another use would be to combine it with tar archives for encrypted backups, like duplicity does. A KDE IO-Slave can also be envisioned.

libencio uses the libmcrypt and libmhash libraries for encryption and hashing algorithms, respectively. I've chosen these two mostly for their simple API. In the future, a transition to libgcrypt is likely, due to its wider userbase.

Obtaining the code

You are invited to download the code from here.

Browsing the source

You can browse the unpackaged source code of the latest release here.

Manual

The manual is available in a variety of formats from here. The HTML, texinfo and plaintext versions are included in the distribution in the doc/ directory. To jump directly to the single-page HTML manual, click here.

License

This code is distributed under the terms of the GNU General Public License.

It is copyright © 2004 Mario Juric.