The minilock file encryption system, ported to pure Golang. Includes CLI utilities.



A pure-Go reimplementation of the miniLock asymmetric encryption system.

by Cathal Garvey, Copyright Oct. 2015, proudly licensed under the GNU AGPL.

Support via Gratipay

Or, Tip me a few bits? - 32ddsuR73CHH8igCNCLvRE3UwBqL8yU2ag


TL;DR: go-miniLock is a total Golang rewrite of miniLock, enabling native code performance, more platform flexibility, and downstream potential for automation and novel communication media not available to the original miniLock Chromium app.

See for information on miniLock. It's a file encryption system designed by Nadim Kobaissi and reviewed for security and soundness by experts. It's pretty well-put together, but as if that weren't enough it was released as an easy-to-use, user-focused Chrome App. In many respects it achieves what PGP was supposed to achieve, while dodging all the nastiness of PGP: Minilock gives:

  • Tiny identities: At ~40 characters, miniLock ID keys can be shared trivially through any medium.
  • Authenticated, Private communication between people without requiring a third-party
  • Easy verification of respective key:identity matchings.
  • Minimised metadata within the encrypted files; only recipients can see the identity of the sender and themselves, they cannot identify other valid recipients, and outsiders cannot determine, given a miniLock file, who sent it or who was the recipient.
  • No persistent keys: miniLock is designed to use deterministic keys that are generated from the user's memorable, highly secure passphrase and their email address (or a fake one..)
  • Transport agnostic: miniLock just encrypts files, it doesn't insist on a particular way of transmitting them.

The big disadvantage of miniLock has been how tied it is to Chrome; this limits platforms to laptops and desktops only, to GUI-enabled systems only, and makes integrating miniLock into other systems impossible. If you wanted to create a logging application that sends encrypted reports to your email daily using miniLock, forget it. If you wanted to build a P2P social network using miniLock for authentication and privacy, forget it.

See deadLock for my past efforts towards creating a shell-scriptable version of miniLock, but Python isn't much better than a Chrome app, due to version wars (thanks, fossilised 2.X users..), lack of pre-installation on Windows, and difficulty of C-extension compilation on WinMac. Oh, and the bug-prone-ness of Python in general!

Golang, as a language, addresses all the needs I forsee for a more versatile miniLock: it compiles to any platform extremely quickly, it has growing support for building native mobile apps, it can transpile to JS, it's fast, and it offers useful tools and concurrency primitives that facilitate the underlying, highly paralleliseable activity of miniLock. And, for a developer, it's very good at catching common bugs at compile-time; forgotten or renamed variables, typing errors, mismatched return types, etcetera.

So here's go-minilock; it sets out to be both an easy-to-use alternative to PGP, a native answer to the miniLock browser extension, and a library for easily constructing tools that go beyond manual human-to-human cryptography and extend into the automated, networked, or decentralised sphere.


Documentation for the library can be found at godoc. Functionality is deliberately broken into construction of the encrypted data itself and constructing the headers that assist in decryption and obfuscation of communicating parties; this is to enable use of the library for more than just miniLock-of-files, but also because other systems built atop miniLock (such as Peerio) use detached, updateable headers as a way to facilitate social file-sharing.

Much of the slightly-lower-level crypto stuff is in a sub-package called "taber", which can be imported separately with import "", and documentation for which is here on Godoc.

For terminal usage of go-miniLock, you can install the tool with: go get -u Usage is simple enough and needs improvement:

minilock-cli encrypt <file> <your email> <recipient1> [<recipient2>...]
minilock-cli decrypt <file> <your email>

A number of flags modify usual behaviour. The most important is probably the "-p" flag which allows the passphrase for the user's key to be provided directly instead of being requested interactively; this allows shell-scripting using minilock-cli, or simply aliasing to create a rapid way of encrypting or decrypting things using your key. Beware, obviously, that for personal uses this breaks one of the security features of minilock, namely that personal keys are not stored but remembered! This feature, therefore, was more intended for server-side or scripting uses than for individuals.

A UI would be really nice but isn't yet on the cards. Watch this space. Meanwhile, use miniLock.

Where from Here

Here are things I'd really enjoy, if you're feeling creative. I may start on some of these, also..

  • Python bindings to go-miniLock, to enable a drastic refactor of deadlock. Current Go:Python binding solutions I've seen have involved some very ugly C shimming, but I suspect using FFI or Ctypes might work since Go 1.5 introduced C-ABI library compilation?
  • Integration of go-miniLock with desktop mail clients.
  • Transpiling usefully to JS using GopherJS, with a comparable library interface.
  • An Android client using the new Go:Android Bindings introduced in Go 1.5. Integration of said Android client into K9 Mail.
  • A self-hostable, federating Peerio server that respects your fundamental rights.
    • Bonus: Federates with other such servers in a robust way.
    • Bonus: Generates chaff traffic.
    • Bonus: Offers option to delete correspondance in same way as shared files.
    • Bonus: Talks to email servers, receives email and stores/delivers miniLock..and vice-versa.
  • A total rewrite of Peerio Client that doesn't require Chromium, could run headlessly.
    • Bonus: IMAP/SMTP adaptor 'client' for mail client alternative.
    • Bonus: IRC/XMPP adaptor 'client' for chat client alternatives.
    • Bonus: "Sync Folder Contents" option for dropbox-style crypto-extension to Peerio.

Credits Reel

  • Crash in minilock.EncryptFileContents with empty `fileContents`

    Crash in minilock.EncryptFileContents with empty `fileContents`

    Hi there,

    I managed to crash this nice library. It occurred to me when attempting to encrypt an empty file. Here's a minimal test program, backtrace included:

    I'm using the latest master branch (on Linux if that matters). Seems you're missing some kind of a clamp in taber:

        max_length := FILENAME_BLOCK_LENGTH + (num_chunks * BLOCK_LENGTH)
        // make-len will get negative for make_length < BLOCK_LENGTH...
        ciphertext = make([]byte, max_length-BLOCK_LENGTH, max_length)
    opened by sahib 7
  • File signing

    File signing

    Is it possible to sign files with go-minilock? I don't see anything about signing in the miniLock README, but it's public key crypto so I assume it's possible... Thanks.

    opened by elimisteve 5
  • "Potential security hazards"

    -o, --output="NOTGIVEN" ... Warning: Right now this presents potential security hazards!

    What security hazards? (I'm looking to use miniLock for a serious project and am hoping I can use go-minilock.) Thanks!

    opened by elimisteve 3
  • Error encrypting

    Error encrypting

    opened by Fastidious 1
  • Re-enter passphrase

    Re-enter passphrase

    If I have a typo on my password, the encrypted file information will be gone forever. Asking twice for a password on encryption is something that is needed.

    opened by Fastidious 1
  • Fix interaction with gopass

    Fix interaction with gopass

    An update to gopass's API has changed the GetPasswd methods return values. They have changed from byte[] to byte[], error. This change allows the minilock-cli to be installed correctly with go get -u

    opened by danwakefield 1
  • error: Failed to encrypt

    error: Failed to encrypt


    I try to test minilock-cli but I've an error.

    ./main encrypt test.txt [email protected] [email protected] Enter password: main: error: Failed to encrypt..: illegal base58 data at input byte 2

    [email protected]:~/go-minilock/minilock-cli$ go version go version go1.5.1 linux/amd64

    Thank you.

    opened by jhautefeuille 1
  • File streaming/chunking?

    File streaming/chunking?

    I'm looking at and it sounds like the JS implementation streams files, encrypting them one chunk at a time.

    And it appears that go-minilock uses ioutil.ReadFile to read in files. Any plans to encrypt/decrypt in chunks? Would you accept a PR that added this? At some point I will need this functionality, but not this second.


    opened by elimisteve 2
  • Implement zxcvbn passphrase checking

    Implement zxcvbn passphrase checking

    Using zxcvbn is one of the design aspects of miniLock that made it special, and it was included as a feature in deadLock because zxcvbn was ported at that time to Python.

    When writing go-miniLock I couldn't locate a Go port, so it was omitted. Since, there's zxcvbn-go, so it deserves to be hacked in. A main-func flag may be included to override checking for legacy purposes but the miniLock-cli tool shouldn't include this feature to prevent stupid behaviour.

    opened by cathalgarvey 0
  • Code Needs Cleanup & Review

    Code Needs Cleanup & Review

    After satisfying API in #6, code needs to be reviewed for sanity and cleaned up considerably, with a view to getting external input and review for security.

    This should be done alongside creating a style guide for future work, and including some git-hooks to enforce.

    opened by cathalgarvey 0
  • Needs Stable API

    Needs Stable API

    Need to decide on a top-level API, and fix it. This will help other issues build-out upon the top-level api, like #5.

    Some discussion on better go-miniLock APIs took place on Reddit and may be informative.

    The stable API needs to be parallel-friendly.

    Stable API can then be marked as such, but does not preclude other public functions being made available that are not guaranteed stable across versions.

    Stable API could be an interface type, with the main implementation satisfying this interface. This could allow other experimental implementations to be added and benchmark-compared later without much mess?

    opened by cathalgarvey 0
  • Needs Basic Benchmarks

    Needs Basic Benchmarks

    This needs benchmarks, from the standard testing library.

    Benchmarks need to be sane and not so brittle that they break with improved code; this might need to be subordinate to the #6 Stable API issue and the "API We Can Be Proud Of" milestone.

    enhancement help wanted 
    opened by cathalgarvey 0
Cathal Garvey
I have archived and moved all my non-professional work to Gitlab:
Cathal Garvey
Sekura is an Encryption tool that's heavily inspired by the Rubberhose file system.

It allows for multiple, independent file systems on a single disk whose existence can only be verified if you posses the correct password.

null 51 Feb 1, 2022
A super easy file encryption utility written in go and under 800kb

filecrypt A super easy to use file encryption utility written in golang ⚠ Help Wanted on porting filecrypt to other programing languages NOTE: if you

Flew Software 80 May 8, 2022
An easy-to-use XChaCha20-encryption wrapper for io.ReadWriteCloser (even lossy UDP) using ECDH key exchange algorithm, ED25519 signatures and Blake3+Poly1305 checksums/message-authentication for Go (golang). Also a multiplexer.

Quick start Prepare keys (on both sides): [ -f ~/.ssh/id_ed25519 ] && [ -f ~/.ssh/ ] || ssh-keygen -t ed25519 scp ~/.ssh/

null 24 Mar 21, 2022
A simple, semantic and developer-friendly golang package for encoding&decoding and encryption&decryption

A simple, semantic and developer-friendly golang package for encoding&decoding and encryption&decryption

null 84 Apr 30, 2022
Encryption & Decryption package for golang

encdec Encryption & Decryption package for golang func main() { startingTime := time.Now() privKey, pubKey := GenerateRsaKeyPair() fmt.Println("Priva

MD MOSTAIN BILLAH 3 Feb 11, 2022
DERO Homomorphic Encryption Blockchain Protocol

Homomorphic encryption is a form of encryption allowing one to perform calculations on encrypted data without decrypting it first. The result of the computation is in an encrypted form, when decrypted the output is the same as if the operations had been performed on the unencrypted data.

null 84 May 16, 2022
A document encryption solution for the reMarkable 2 ePaper tablet.

Remarkable 2 Encryption This repository contains multiple tools to encrypt the home folder of the reMarkable 2 epaper tablet using gocryptfs. Detailed

RedTeam Pentesting GmbH 29 May 18, 2022
Go implementation of the Data At Rest Encryption (DARE) format.

Secure IO Go implementation of the Data At Rest Encryption (DARE) format. Introduction It is a common problem to store data securely - especially on u

Object Storage for the Era of the Hybrid Cloud 287 Apr 25, 2022
A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.

A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.

Filippo Valsorda 10.4k May 12, 2022
Easy to use encryption library for Go

encryptedbox EncryptedBox is an easy to use module for Go that can encrypt or sign any type of data. It is especially useful when you must serialize y

Jesse Swidler 18 Oct 26, 2021
A tool for secrets management, encryption as a service, and privileged access management

Deploy HCP Vault & AWS Transit Gateways via Terraform

Temur Yunusov 0 Nov 23, 2021
TTAK.KO-12.0223 Lightweight Encryption Algorithm with Galois/Counter Mode (LEA-GCM)

LEACrypt The Lightweight Encryption Algorithm (also known as LEA) is a 128-bit block cipher developed by South Korea in 2013 to provide confidentialit

Pedro F. Albanese 0 Dec 28, 2021
Functional encryption for images

ImageFE Functional encryption for images. Introduction In the traditional cryptography framework, a decryptor either recovers the entire plaintext fro

null 3 Mar 8, 2022
Attempts to make attribute based encryption work, particularly trying out bn256 pairing curve

EC Pairings over bn256 This is an attempt to solve the core problem of attribute based encryption, where the goal is to be able to use CA-issued attri

Robert Fielding 1 Jan 5, 2022
Go Encrypt! Is a simple command-line encryption and decryption application using AES-256 GCM.

Go Encrypt! Go Encrypt! is a command-line application used to easily encrypt and decrypt files with the AES-256 GCM encryption algorithm. Usage Usage

Peter Georgas 0 Jan 5, 2022
Lattigo: lattice-based multiparty homomorphic encryption library in Go

Lattigo: lattice-based multiparty homomorphic encryption library in Go Lattigo i

null 0 Jan 18, 2022
Ubiq-fpe-go - Format preserving encryption in Go

Format Preserving Encryption in Go An implementation of the NIST-approved FF1 an

Ubiq Security, Inc. 4 Apr 20, 2022
Length-preserving encryption algorithm

hctr2 Length-preserving encryption algorithm Security Disclosure This project uses full disclosure. If you find

Eric Lagergren 2 Feb 28, 2022
Card-encrypt - The encryption code necessary to enroll debit cards in the Palla API

?? Card RSA Encryption Thank you for choosing Palla! ?? In this repository you'l

palla 0 Feb 7, 2022