staticrypt/README.md

# StatiCrypt

Based on the [crypto-js](https://github.com/brix/crypto-js) library, StatiCrypt uses AES-256 to encrypt your string with your passphrase in your browser (client side).

Download your encrypted string in a HTML page with a password prompt you can upload anywhere (see [example](https://robinmoisson.github.io/staticrypt/example.html)).

You can encrypt a file online at https://robinmoisson.github.io/staticrypt.

## HOW IT WORKS

**Disclaimer** if you have extra sensitive banking data you should probably use something else!

StatiCrypt generates a static, password protected page that can be decrypted in-browser: just send or upload the generated page to a place serving static content (github pages, for example) and you're done: the javascript will prompt users for password, decrypt the page and load your HTML.

It basically encrypts your page and puts everything with a user-friendly way to use a password in the new file.

AES-256 is state of the art but brute-force/dictionary attacks would be trivial to do at a really fast pace: **use a long, unusual passphrase**.

The concept is simple but I am not a cryptographer, feel free to contribute or report any thought to the GitHub project! (Though be warned it might take me a long time to get to it - I apologize in advance)

## CLI

Staticrypt is available through npm as a CLI, install with `npm install -g staticrypt` and use as follow:

    Usage: staticrypt <filename> <passphrase> [options]

    Options:
      --help               Show help                                       [boolean]
      --version            Show version number                             [boolean]
      -e, --embed          Whether or not to embed crypto-js in the page (or use an
                           external CDN)                   [boolean] [default: true]
      -o, --output         File name / path for generated encrypted file
                                                            [string] [default: null]
      -t, --title          Title for output HTML page
                                                [string] [default: "Protected Page"]
      -i, --instructions   Special instructions to display to the user.
                                                            [string] [default: null]
      -f, --file-template  Path to custom HTML template with password prompt.
                              [string] [default: "[...]/cli/password_template.html"]


Example usages:

- `staticrypt test.html mysecretpassword` -> creates a `test_encrypted.html` file
- `find . -type f -name "*.html" -exec staticrypt {} mypassword \;` -> create encrypted files for all HTML files in your directory

You can use a custom template for the password prompt - just copy `cli/password_template.html` and modify it to suit your presentation style and point to your template file with the `-f` flag. Be careful to not break the encrypting javascript part, the variables replaced by staticrypt are between curly brackets: `{instructions}`.

**ADBLOCKERS**: If you do not embed crypto-js and serve it from a CDN, some adblockers see the `crypto-js.min.js`, think that's a crypto miner and block it.

Thanks [Aaron Coplan](https://github.com/AaronCoplan) for bringing the CLI to life!
Create README.md 2017-06-14 18:41:14 +00:00			`# StatiCrypt`

			`Based on the [crypto-js](https://github.com/brix/crypto-js) library, StatiCrypt uses AES-256 to encrypt your string with your passphrase in your browser (client side).`

			`Download your encrypted string in a HTML page with a password prompt you can upload anywhere (see [example](https://robinmoisson.github.io/staticrypt/example.html)).`

wording 2017-06-15 11:21:59 +00:00			`You can encrypt a file online at https://robinmoisson.github.io/staticrypt.`
Create README.md 2017-06-14 18:41:14 +00:00
			`## HOW IT WORKS`

wording 2018-02-19 18:45:43 +00:00			`Disclaimer if you have extra sensitive banking data you should probably use something else!`
Create README.md 2017-06-14 18:41:14 +00:00
wording 2018-02-19 18:45:43 +00:00			`StatiCrypt generates a static, password protected page that can be decrypted in-browser: just send or upload the generated page to a place serving static content (github pages, for example) and you're done: the javascript will prompt users for password, decrypt the page and load your HTML.`
Create README.md 2017-06-14 18:41:14 +00:00
wording 2018-02-19 18:45:43 +00:00			`It basically encrypts your page and puts everything with a user-friendly way to use a password in the new file.`
Create README.md 2017-06-14 18:41:14 +00:00
add option to use custom password template file, close #102 2018-01-12 23:06:16 +00:00			`AES-256 is state of the art but brute-force/dictionary attacks would be trivial to do at a really fast pace: use a long, unusual passphrase.`
Create README.md 2017-06-14 18:41:14 +00:00
add salt and key derivation, close #113 2019-06-28 14:23:13 +00:00			`The concept is simple but I am not a cryptographer, feel free to contribute or report any thought to the GitHub project! (Though be warned it might take me a long time to get to it - I apologize in advance)`
Create README.md 2017-06-14 18:41:14 +00:00
update readme for CLI 2017-12-28 11:32:09 +00:00			`## CLI`

			Staticrypt is available through npm as a CLI, install with `npm install -g staticrypt` and use as follow:

add option to use custom password template file, close #102 2018-01-12 23:06:16 +00:00			`Usage: staticrypt <filename> <passphrase> [options]`
typo readme 2018-01-14 11:57:11 +00:00
update readme for CLI 2017-12-28 11:32:09 +00:00			`Options:`
add option to use custom password template file, close #102 2018-01-12 23:06:16 +00:00			`--help Show help [boolean]`
			`--version Show version number [boolean]`
			`-e, --embed Whether or not to embed crypto-js in the page (or use an`
use custom named file for crypto-js instead of cdn (blocked by adblockers) 2018-02-19 18:34:49 +00:00			`external CDN) [boolean] [default: true]`
add option to use custom password template file, close #102 2018-01-12 23:06:16 +00:00			`-o, --output File name / path for generated encrypted file`
update readme for CLI 2017-12-28 11:32:09 +00:00			`[string] [default: null]`
add option to use custom password template file, close #102 2018-01-12 23:06:16 +00:00			`-t, --title Title for output HTML page`
update readme for CLI 2017-12-28 11:32:09 +00:00			`[string] [default: "Protected Page"]`
add option to use custom password template file, close #102 2018-01-12 23:06:16 +00:00			`-i, --instructions Special instructions to display to the user.`
update readme for CLI 2017-12-28 11:32:09 +00:00			`[string] [default: null]`
add option to use custom password template file, close #102 2018-01-12 23:06:16 +00:00			`-f, --file-template Path to custom HTML template with password prompt.`
typo readme 2018-01-14 11:57:11 +00:00			`[string] [default: "[...]/cli/password_template.html"]`

add option to use custom password template file, close #102 2018-01-12 23:06:16 +00:00
update readme for CLI 2017-12-28 11:32:09 +00:00			`Example usages:`

			- `staticrypt test.html mysecretpassword` -> creates a `test_encrypted.html` file
			- `find . -type f -name "*.html" -exec staticrypt {} mypassword \;` -> create encrypted files for all HTML files in your directory

typo readme 2018-01-14 11:57:11 +00:00			You can use a custom template for the password prompt - just copy `cli/password_template.html` and modify it to suit your presentation style and point to your template file with the `-f` flag. Be careful to not break the encrypting javascript part, the variables replaced by staticrypt are between curly brackets: `{instructions}`.
add option to use custom password template file, close #102 2018-01-12 23:06:16 +00:00
use custom named file for crypto-js instead of cdn (blocked by adblockers) 2018-02-19 18:34:49 +00:00			ADBLOCKERS: If you do not embed crypto-js and serve it from a CDN, some adblockers see the `crypto-js.min.js`, think that's a crypto miner and block it.

wording 2018-02-19 18:45:43 +00:00			`Thanks [Aaron Coplan](https://github.com/AaronCoplan) for bringing the CLI to life!`