C and Javascript implementations, mobile platforms
On our near-term roadmap (2022/Q1):
- Implement a minimal C library, sans I/O and no UI, just Covert cryptography and Archive handling. The purpose of this is to provide bindings to other languages and to allow embedding Covert encryption in non-Python applications.
- Implement a Javascript version that runs locally in browser (using existing libsodium and argon2 Javascript/Wasm ports). This allows running Covert without installing anything, while still doing all the cryptography locally, also on smartphones. As a PWA it can have a launcher icon in the application menu and open in its own window. To avoid servers sending malicious Javascript, a build into a single HTML file that can be stored and run locally would also be useful.
As of now, iOS and Android native apps are not planned, not in house at least. These would be great projects for third party developers and definitely welcome if someone was willing to do the hard work. The benefit is being able to do cryptography, Argon2 hashing in particular, faster than what is possible with Wasm or Javascript.
We have the knowledge to do both C and JS in house but would prefer to have help with them. For Javascript in particular, a NodeJS hacker with knowledge on all web technologies could get it done much faster than we can, even though we have previously done a similar even if much simpler encryption product that runs entirely in browser.
> - Implement a Javascript version that runs locally in browser (using existing libsodium and argon2 Javascript/Wasm ports).

You are welcome to look at hat.sh and take some ideas on how that is done.

> - PWA
Making a progressive web app for the project should be done in late stages (when the application is stable), because handling Service-worker updates doesn't always go well for all users, for some reason.
@sh-dv That is a cool project as well! We are glad that you are contributing to open source cryptography, and to show our appreciation for that, you should now find a donation in your wallet 😊
I just read through your worker code and some of the UI. If you don't mind, we might just use your entire application, rather than only look at it. However, we will definitely need an external NodeJS/React developer then. Yes, we could do it ourselves, but properly learning the toolchain and everything built on top of React would take too much time, while it would be much easier for someone already well experienced with those.
In any case, many changes are still needed to support this format, like implementing the blockstream and the archive, and obviously the main feature which is to avoid any plain text headers. The good thing is that you already implement a nice UI, zxcvbn passwords, public keys and even the streaming of large files (the last two are something that our old tool did not do).
To allow strong hashing, Argon2-browser SIMD should be used instead of libsodium, and quite possibly there already are faster implementations of ChaCha20-Poly1305 too. I tried your software and it did about 50 MB/s which is certainly enough for most tasks that one might be doing in browser but a proper Wasm SIMD implementation should go plenty faster (assuming the emscripten version uses the plain C implementation of sodium rather than the SIMD ones it also has).
> show our appreciation

Thank you! That's kind of you!

> rather than only look at it

You can do whatever you want with it. And if you have any questions about the code, I can provide all information needed.
Covert needs some things to be ported and adjusted for sure, but that can be done, take your time.
Argon2-browser SIMD is something to look into for next versions, I just kinda wanted to stick with libsodium.
Keep working on the Python project, it looks promising. Then you can make a browser prototype in JS. I can gladly help with that on GitHub.
Good luck!