In the next article we are going to take a look at Toplip. This is one command line utility for file encryption and decryption. Today there are numerous file encryption tools to protect our files such as Cryptomater, CryptGo, Cryptr and GnuPG, etc, but this tool is a good alternative to all of them.
This is one free and open source encryption utility which uses a strong encryption method called AES256, along with a design XTS-AES to protect our confidential data. It also uses Scrypt, which is a password-based key derivation function, to protect our passwords against brute force attacks.
Table of Contents
General characteristics of Toplip
Compared to other file encryption tools, toplip delivers it to us with the following features:
- I posed an encryption method based on XTS-AES256.
- We will be able encrypt files within images (PNG / JPG).
- We will have the possibility to use a multiple password protection.
- Simplified protection against brute force attacks.
- It gives us the possibility of generating a "plausible denial".
- There are no identifiable exit markers.
- It is a utility of open source / GPLv3.
No installation required. All we have to do is download Toplip executable binary from the official product page. Once downloaded we will have to give it execution permissions by typing in the terminal (Ctrl + Alt + T):
chmod +x toplip
If we execute Toplip without arguments, it will show us the help.
Some examples of Toplip
Encrypt / decrypt a single file
We can encrypt a file (file1) writing from the folder where we have the toplip file:
./toplip archivo1 > archivo1.encrypted
This command will ask us to write a password. Once we write it, it will will encrypt the content of the file1 and it will save them in a file called file1.encrypted placing it in the current working directory.
To check if the file is really encrypted, we can try to open it and we will see some random characters. To see the content of the file that we have just encrypted, we will have to use the -d option as below:
./toplip -d archivo1.encrypted
This command will decrypt the given file and will display the content in the terminal window.
Restore encrypted file
To restore the file instead of just viewing the content, we will have to do something like the following:
./toplip -d archivo1.encrypted > archivo1Restaurado
It will ask us for the correct password to decrypt the file. Everyone the contents of file1.encrypted will be restored to a file called file1Restored. These names are just an example. It is advisable to use less predictable names.
Encrypt / Decrypt Multiple Files
We can also encrypt two files with two separate passwords for each.
./toplip -alt archivo1 archivo2 > archivo3.encriptado
We will be asked for a password for each file. We can use different passwords. What the above command will do is encrypt the contents of two files and save them in a single file called file3.encripted. When we restore the files, we will only have to write the corresponding password of the file to restore. If we write the password of file1, the tool will restore file1. If we write the password of file2, this file will be restored.
Every output encrypted can contain up to four totally independent files, and each created with its own separate and unique password. Due to the way encrypted results are put together, no way to easily determine if multiple files exist. This will prevent another user from conclusively identifying that there is additional confidential data. This is called plausible denial, and it is one of the most interesting features of this tool.
To decrypt file1 from file3.encripted, we will only have to write:
./toplip -d archivo3.encriptado > archivo1.desencriptado
We will have to type the correct password for file1. To decrypt file2 from file3.encripted, we will have to write basically the same thing as to decrypt file1, but changing the name and using the password that we assigned to file2.
Use multiple password protection
This is another cool feature. We will can add multiple passwords for a single file when encrypting it. This will be very effective against brute force attempts.
./toplip -c 2 archivo1 > archivo1.encriptado.2.passwords
As you can see from the example above, toplip asked me to write two (-c 2) passwords. Keep in mind that we must write two different passwords. To decrypt this file, we will have to write:
./toplip -c 2 -d archivo1.encriptado.2.passwords > archivo1.desencriptado
Hide files within the image
The practice of hiding a file, message, image, or video within another file is called steganography. This feature exists in Toplip by default. To hide a file (s) within images, we will use the -m option.
./toplip -m imagen.jpg archivo1 > imagen1.jpg
This command hides the content of file1 inside an image named image1.png. To decrypt it we will have to execute:
./toplip -d imagen1.png > archivo1.desencriptado
Here at the project website we will be able to obtain more information about the possibilities of this tool.