NoXS

• Command line tool & library for authenticated encryption with password-based key derivation

Key derivation: Argon2id

• Parameters: iterations = 2, memory = 1024*256, parallelism = 2
• Input: password, secure random salt (16 bytes)
• Output: key (32 bytes)

Authenticated encryption: ChaCha20-Poly1305

• Input: key (32 bytes), nonce (last 12 bytes from salt), plaintext (n bytes)
• Output: version 0x01 (1 byte) || salt (16 bytes) || ciphertext (n bytes) || authentication tag (16 bytes)

Usage

With interaction (password prompt)

• noxs <command> <in_file> <out_file>

Without interaction (password from file)

• noxs <command> <in_file> <out_file> <password_file>

Commands

• e = encrypt
• ea = encrypt & base64-encode
• d = decrypt
• da = base64-decode & decrypt

Build with Rust and install to /usr/local/bin

• rust_build_install

OR build with Swift and install to /usr/local/bin

• swift_build_install_macos
• swift_build_install_linux