Back to main menu

IT & Engineering

Lemmacmd: Simple file encryption tool

Occasionally we all find the need to encrypt files as part of our job. The need to encrypt files comes up for a variety of reasons: the need to commit sensitive information into a repository, the need to transfer information over an insecure medium, or the need to leave something on disk that requires stronger access controls than the operating system provides.

PUBLISHED ON

PUBLISHED ON

Occasionally we all find the need to encrypt files as part of our job. The need to encrypt files comes up for a variety of reasons: the need to commit sensitive information into a repository, the need to transfer information over an insecure medium, or the need to leave something on disk that requires stronger access controls than the operating system provides.

While a variety of options exist, most of them are clunky, confusing, or worse yet, give a false sense of security. For example GPG is often recommended to encrypt files, but it ships with a variety of outdated ciphers and usability has never been it’s strong suit. OpenSSL comes with a convenient command line tool called “openssl enc”, but it actually doesn’t support any form of authenticated encryption.

Mailgun has written a simple tool called lemmacmd that uses NaCl and PBKDF#2 under the hood to encrypt and decrypt small files on disk. It gets a lot of things right:

  • Badge Check

    Easy to use: lemmacmd encrypt -in foo.txt -out foo.txt.enc

  • Badge Check

    Supports both keys and passphrases so it can be used in a automated manner or interactively.

  • Badge Check

    When it’s used with a passphrase, it uses a KDF (PBKDF#2) with a large iteration count: 524,288.

  • Badge Check

    It uses a authenticated cipher: Salsa 20 with Poly1305 as a Message Authentication Code (MAC) from the NaCl library.

  • Badge Check

    It’s a small statically linked 4 MB binary that can be dropped anywhere and it will work.

  • Badge Check

    It’s fast: encrypting a 10 MB file takes a little bit over a second.

  • Badge Check

    It’s easily auditable, lemmacmd is only 222 lines, lemma the library is only 365 lines, and the actual crypto code from NaCl and PBKDF#2 is only 226 lines.

If you are interested in checking out the source or contributing, it’s available via GitHub as is the latest release.

As always, if you find any issues (or security vulnerabilities!) please reach out to us via GitHub.

Sign Up

It's easy to get started. And it's free.

See what you can accomplish with the world’s best email delivery platform.

Related readings

How to prepare your Infrastructure for Black Friday

Black Friday – a time of year when all eyes are on the infrastructure team to keep the ship afloat. As marketers ramp up their email cadence, consumers rush to get the best deals...

Read More

The golden age of scammers: AI-powered phishing

Long live the prince of Nigeria, he had a good run. Gone is the age where scammers wield the same mediocre power as a snake oil salesman, reliant on their own persuasion and...

Read More

What are SYN flood attacks and how can you defend against them?

“We’re under attack!” It’s a line that could very well be taken directly from Star Wars or The Matrix, but it’s also a cyber security reality. These attacks are not only sneaky but can be...

Read More

Popular posts

Email inbox.

Email

5 min

Build Laravel 11 email authentication with Mailgun and Digital Ocean

Read More

Mailgun statistics.

Product

4 min

Sending email using the Mailgun PHP API

Read More

Statistics on deliverability.

Deliverability

5 min

Here’s everything you need to know about DNS blocklists

Read More

See what you can accomplish with the world's best email delivery platform. It's easy to get started.Let's get sending
CTA icon