A simple text encryption/decryption password based GUI+CLI tool

Overview

ZeText: Zero disk exposition texts

This is a simple text encryption/decryption password based GUI+CLI tool, allowing to enter, edit and decrypt files in a way these never hit the filesystem. The ecnryption is robust (AES256) so is the password key derivation (PBKDF< HMAC on SHA3_384, manu rounds), so unless you use predicatble password, the encrypted text is safe.

The main purpose of this tool is to protect distribution generation scripts. As we all know, the probability that our file system is silently scanned by troojans and vurises is really high, so whatever secret is on our FS will someday be sold in the darknet. This open the door for fearful supply chain attack when our stolen, say. maven credentials are used to publish modified version of our stuff. We protect from it by putting such materials under the password, but we can not use traditional unix way tools, as even if our credentials will be decrypted for a split second while build scripts are active, it is enough for file-stealing trojans and viruses.

Say, we use maven publich plugin, so narutally we'll have in our build gradle script something like:

credentials {
    username System.getProperty("user")
    password System.getProperty("password")
}

That is fine, but we can't save these environment variables to a file without risk to cmopromise our deployment. That's where zetext comes to help.

We create new zetext, say, mcreds.ztext, with the following content (example):

export user="my_maven_user"
export password="my_maven_password"
#
# whatever else we want tp do before publishing
#

As zetext never saves plaintext to disk, it is kept safe under our password. Now, in our build script we but something like:

source <(zetext -d mcres.ztext)
./gradlew publish

The first line executes zetex in decryption mode: it opens GUI window, asks for password and decrypts the text to stdout. The decrypted text is passed to the shell's source (without hitting the disk) and interpreted in the context of the current shell process, where the environment verialbles above will be exported witout hitting the disk. Then the gradle publish task will perform having password and user set to correct values, until the calling script is dinished, where it will be more or less safe dropped.

If the password is wrong, or user has cancelled it, ztext returns error exit status (100 for cancel and 101 for wrong file/password).

This method has several advantages over setting up environments variables manually:

  • password is validated before build and can be reentered if mistaken
  • file contents are authenticated and could not be modified without password (EtA mode)
  • password and other credentials didn't get into bash history even by mistake
  • it is possible to put many secret data in a single file and remember/type only one password

How to install

For linux targets, see .deb distribution in the latest github release.

On MacOS, it requires notarization and stuff what is not yet done. Until then, clone the repository, install JDK and gradle and whatever else ./gradlew createDistributable will ask. Then start the app that will be in ${projectRoot}/build/compose/binaries/main. On the first start, select form the application menu tools -> install zetext shell script. Also, you can use .gradlew package to create installatino for your platform, that will also be placed somewhere in ${projectRoot}/build/compose/binaries/ depending on your platform.

Script will be installed to /usr/local/bin if exists and writable, otherwise to ~/bin.

You might also like...
Grab’n Run, a simple and effective Java Library for Android projects to secure dynamic code loading.
Grab’n Run, a simple and effective Java Library for Android projects to secure dynamic code loading.

Grab’n Run, a simple and effective Java Library for Android projects to secure dynamic code loading.

A simple library that can help you detect if you app is modded or tampered with
A simple library that can help you detect if you app is modded or tampered with

Android Tamper Detector A simple library that can help you detect if you app is modded or tampered with. This adds a security level that makes it diff

A simple and opinionated AES encrypt / decrypt Ruby gem that just works.

AESCrypt - Simple AES encryption / decryption for Ruby AESCrypt is a simple to use, opinionated AES encryption / decryption Ruby gem that just works.

A simple android app that parses its own signature and displays it

SigDisplayer Usage Download the release APK or clone the repository and compile yourself. Sign the APK with your preferred keystore. Install and open

simple implementation KTLint with lib JLLeitschuh/ktlint-gradle

Simple DETEKT implementation others KTLint KTLint-gradle DeteKT Spotless gradle-code-quality-tools-plugin Tutorials medium Config detekt config.yml Gr

AndroidHybridCrypto is simple customizable Android implementation of hybrid cryptography (AES+RSA+Hash) recommended by OWASP.

AndroidHybridCrypto HybridCrypto is simple customizable Android implementation of hybrid cryptography (AES+RSA+Hash) recommended by OWASP. Usage Step

Simple PGP encryption/decryption on android.
Simple PGP encryption/decryption on android.

Android-PGP Introduction Adds PGP encryption and decryption support. How to install repositories { maven { url "https://jitpack.io" }

A kotlin implementation of commutative encryption based on ECC ElGamal encryption over Curve25519

komuta A commutative encryption implementation. This is a naive implementation of commutative encryption using the ElGamal scheme applied over Curve25

A plugin for Termux to use native Android GUI components from CLI applications.

Termux:GUI This is a plugin for Termux that enables command line programs to use the native android GUI. In the examples directory you can find demo v

A plugin for Termux to use native Android GUI components from CLI applications.

Termux:GUI This is a plugin for Termux that enables command line programs to use the native android GUI. In the examples directory you can find demo v

A Material Android password view that toggles password visibility via an eye icon.
A Material Android password view that toggles password visibility via an eye icon.

8/17/2016: As of about an hour ago, this library is deprecated! Support for password visibility is now included in the Design Support Library in TextI

An Android app that gives you a password generated by a given phrase with a custom algorithm, it also has password and biometric security.

An Android app that gives you a password generated by a given phrase with a custom algorithm, it also has password and biometric security.

Speech-Text Converter is a simple task that enable the user to convert the speech to text or convert text to speech (by Mic)
Speech-Text Converter is a simple task that enable the user to convert the speech to text or convert text to speech (by Mic)

Speech-Text Converter About Speech-Text Converter is a simple task that enable the user to convert the speech to text or convert text to speech (by Mi

Android developer tool to draw overlay layout for GUI debug

LayoutOverlay Overview Make a overlay window to show transparent shape to compare size with view, margin. Features Overlay window Drag Drag and drop t

AdpPad is a GUI application to use adb. adb is a command line tool to control android device.

AdbPad AdpPad is a GUI application to use adb. adb is a command line tool to control android device. Demo.mp4 ✨ Feature Observe a connected android de

CLI tool for decompiling Android apps to Java. It does resources! It does Java! Its real easy!

Easy-as-pie Android Decompiler Why One stop shop I got pretty tired of decompiling Android apps with a bunch of steps that I had to remember all the t

A cli tool that helps signing and zip aligning single or multiple Android application packages (APKs) with either debug or provided release certificates. It supports v1, v2 and v3 Android signing scheme has an embedded debug keystore and auto verifies after signing.
Template for building CLI tool in Kotlin and producing native binary

Kotlin command-line native tool template This template allows you to quickly build command-line tool using Kotlin , Clikt and build a native binary fo

Modifold - Kotlin CLI tool for moving curseforge mods to modrinth
Modifold - Kotlin CLI tool for moving curseforge mods to modrinth

Modifold Modifold is a Kotlin CLI utility that allows you to transfer mods from

Releases(1.0.7-release)
Owner
sergeych
sergeych
Simple API to perform AES encryption on Android. This is the Android counterpart to the AESCrypt library Ruby and Obj-C (with the same weak security defaults :( ) created by Gurpartap Singh. https://github.com/Gurpartap/aescrypt

AESCrypt-Android Simple API to perform AES encryption on Android with no dependancies. This is the Android counterpart to the AESCrypt library Ruby an

Scott Alexander-Bown 636 Dec 18, 2022
MiHawk 🦅👁️ is simple and secure 🔒 Android Library to store and retrieve pair of key-value data with encryption , internally it use jetpack DataStore Preferences 💽 to store data.

MiHawk MiHawk ?? ??️ is simple and secure ?? Android Library to store and retrieve pair of key-value data with encryption , internally it use jetpack

Nedal Hasan Ibrahem 5 Sep 3, 2022
A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.

___ ___ / | \ ____ __ __ ______ ____ / ~ \/ _ \| | \/ ___// __ \ \ Y ( <_> )

NCC Group Plc 1.2k Dec 21, 2022
Keepass2Android is a password manager app.

Keepass2Android What is Keepass2Android? Keepass2Android is a password manager app. It allows to store and retrieve passwords and other sensitive info

null 3.5k Jan 7, 2023
enjarify 8.6 0.0 L5 Python Enjarify is a tool for translating Dalvik bytecode to equivalent Java bytecode. This allows Java analysis tools to analyze Android applications.

Note: This repository may be out of date. Future development will occur at https://github.com/Storyyeller/enjarify. Introduction Enjarify is a tool fo

Google 2.7k Jan 8, 2023
BlackDex is an Android unpack tool, it supports Android 5.0~12 and need not rely to any environment. BlackDex can run on any Android mobile phones or emulators, you can unpack APK File in several seconds.

BlackDex is an Android unpack tool, it supports Android 5.0~12 and need not rely to any environment. BlackDex can run on any Android mobile phones or emulators, you can unpack APK File in several seconds.

null 4.3k Jan 2, 2023
A program analysis tool to find cryptographic misuse in Java and Android.

A program analysis tool to find cryptographic misuse in Java and Android.

null 92 Dec 15, 2022
A tool translate a apk file to stantard android project include so hook api and il2cpp c++ scaffolding when apk is a unity il2cpp game. Write code on a apk file elegantly.

FakerAndroid (FakerAndroid.jar or FakerAndroid-AS) A tool translate a apk file to stantard android project include so hook api and il2cpp c++ scaffold

null 231 Dec 29, 2022
Analyze any Android/Java based app or game

ClassyShark Introduction ClassyShark is a standalone binary inspection tool for Android developers. It can reliably browse any Android executable and

Google 7.2k Jan 3, 2023
A Paper fork with secure feature seed based on Secure Seed mod by Earthcomputer

GitHub | Download | Discord Matter Matter is a Paper fork that currently only adds what we call a secure feature seed. Based on Secure Seed mod by Ear

Plasmo 51 Dec 26, 2022