Xipher

Secure asymmetric encryption with password-based keys

Overview

Xipher is a curated collection of cryptographic primitives designed for secure password-based asymmetric encryption. It enables secure data sharing between parties over insecure channels using password-derived public keys, combining modern cryptography with post-quantum security.

Features

• 🔐 Asymmetric Encryption: Encrypt data with public keys derived from passwords
• 📦 Stream Processing: Built-in compression and streaming for memory efficiency
• 🛡️ Post-Quantum Security: Optional Kyber1024 algorithm support
• 🌐 Multi-Platform: CLI, Go library, Web Assembly, and web interface
• ⚡ Performance: Optimized for both small and large data encryption
• 🔧 Easy Integration: Simple APIs for developers

Quick Start

Installation

CLI Tool

Homebrew (macOS):

brew install shibme/tap/xipher

Install Script (Linux/macOS):

# Latest version
curl -fsSL https://xipher.org/install/install.sh | sh

# Specific version  
curl -fsSL https://xipher.org/install/install.sh | sh -s v1.17.0

Install Script (Windows):

# PowerShell (latest version)
irm https://xipher.org/install/install.ps1 | iex

# PowerShell with specific version
$v="1.17.0"; irm https://xipher.org/install/install.ps1 | iex

Binary Download: Download from releases page

Docker:

docker run --rm -v $PWD:/data -it shibme/xipher help

Go Package

go get -u xipher.org/xipher

Basic Usage

CLI Example

Go Package Example

package main

import (
	"encoding/base32"
	"fmt"
	"xipher.org/xipher"
)

func main() {
	// Create secret key from password
	secretKey, err := xipher.NewSecretKeyForPassword([]byte("your-secure-password"))
	if err != nil {
		panic(err)
	}

	// Derive public key
	publicKey, err := secretKey.PublicKey(false)
	if err != nil {
		panic(err)
	}

	// Encrypt data
	plaintext := []byte("Hello, World!")
	ciphertext, err := publicKey.Encrypt(plaintext, true)
	if err != nil {
		panic(err)
	}

	// Decrypt data
	decrypted, err := secretKey.Decrypt(ciphertext)
	if err != nil {
		panic(err)
	}

	fmt.Printf("Original: %s\n", plaintext)
	fmt.Printf("Decrypted: %s\n", decrypted)
}

Usage Scenarios

Web Interface

Experience Xipher directly in your browser at xipher.org

Workflow:

1. Receiver opens Xipher web app → generates key pair (stored in browser)
2. Receiver shares the public key URL with sender
3. Sender opens encryption URL → inputs data → gets encrypted result
4. Sender shares ciphertext with receiver
5. Receiver decrypts using stored private key

sequenceDiagram
participant RX as Xipher<br>(Browser)
actor R as Receiver
actor S as Sender
participant SX as Xipher<br>(Browser)
    R-->>+RX: Opens app
    RX-->>RX: Generate keys
    RX-->>-R: Public key URL
    R->>+S: Share URL
    S-->>+SX: Open URL & encrypt
    SX-->>-S: Ciphertext
    S->>-R: Send ciphertext
    R-->>+RX: Decrypt
    RX-->>-R: Plaintext

Loading

GitHub Actions Integration

steps:
- name: Setup Xipher
  uses: shibme/xipher@v1
  with:
    version: 1.17.0  # optional

Host Your Own Web Interface

name: Publish Xipher Web
on:
  workflow_dispatch:
jobs:
  pages:
    uses: shibme/xipher/.github/workflows/pages.yaml@main

Web Assembly

<html>
<head>
	<meta charset="utf-8"/>
	<script src="https://xipher.org/wasm/wasm_exec.js"></script>
	<script>
		const go = new Go();
		WebAssembly.instantiateStreaming(
			fetch("https://xipher.org/wasm/xipher.wasm"), 
			go.importObject
		).then((result) => {
			go.run(result.instance);
		});
	</script>
</head>
<body>
	<!-- Call methods starting with 'xipher', e.g., xipherNewSecretKey() -->
</body>
</html>

Technical Details

Cryptographic Algorithms

• Key Derivation: Argon2id for secure password hashing
• Elliptic Curve: Curve25519 for key exchange
• Post-Quantum: CRYSTALS-Kyber via CIRCL
• Symmetric Encryption: XChaCha20-Poly1305
• Compression: Zlib for data compression

Documentation

• API Reference: pkg.go.dev/xipher.org/xipher
• Web Interface: xipher.org
• Examples: See usage examples above

Contributing

We welcome contributions! Please:

1. Fork the repository
2. Create a feature branch
3. Make your changes
4. Add tests if applicable
5. Submit a pull request

For bugs and feature requests, please open an issue.

Security

This project is experimental and should be used with caution in production environments. If you discover security vulnerabilities, please report them responsibly.

Security Considerations

• Password strength directly affects security
• Post-quantum algorithms are still evolving
• Regular updates recommended for latest security patches

License

This project is licensed under the terms specified in the LICENSE file.

Acknowledgments

Special thanks to the projects and people that made Xipher possible:

• Retriever - Inspiration for web-based encryption concepts
• CIRCL by Cloudflare - Post-quantum cryptography support
• StreamSaver.js - Browser file saving capabilities
• age - Inspiration for Curve25519 and XChaCha20-Poly1305 usage

---

Made with ❤️ for secure communication