I was disappointed with AES-256, since it does not defend against timing side-channel attacks. I was inspired by xchacha20-poly1305 cipher and the rsync command.
Secure deletion of backup files is not an option. It is completely impossible to gurantee that a file stored in an SSD or HDD has definitely been wiped. So I decided to store encrypted backups in drives from the very beginning to ensure that sensitive data cannot be compromised, even if previous versions of the file's or directory's history are stored in the hard drive's journaling filesystem. The Ex* filesystems are especially famous for automatically keeping version histories of files.
I decided to create this so I can make encrypted backups of my entire root directory.
What it does
It makes an encrypted copy of a directory, effectively serving as an encrypted backup tool.
How I built it
Using the libsodium library written in the C programming language
Challenges I ran into
Dealing with file permissions and ownership permissions of files and directories.
Accomplishments that I'm proud of
I learned how to recursively delete only the files in the destination directory that do not exist in the source directory. This helps update the backup directory. This is what the famous "rsync --delete" command does. My project
What I learned
I learned many of the library functions used for encryption, decryption, and password hashing. I also learned how the rsync command smartly copies files and directories.
What's next for prm
Ensure prm can read and tell the latest modification date/time of a file. This will allow prm to skip files that are already up to date.
I actually intend to submit this project as both ArchLinux and Gentoo packages. This project was made on an ArchLinux laptop, although I am in the process of migrating to the Gentoo Linux operating system.
I intend people to use this simple program to make encrypted backups of their entire root directory.
Moreover, libsodium even has functions for storing password hashes (with salt). Currently, linux system merely use SHA512 to store passwords. Which is not great since checksum algorithms like SHA512 are vulnerable to dictionary and GPU cracking attacks like rainbow-table attacks. A better algorithm would be argon2id, which libsodium has a built in function for: crypto_pwhash_str() and crypto_pwhash_str_verify(), which have complete support for argon2id. I intend to make use of these functions to store my login passwords in my linux computer. To do this, the hashes that crypto_pwhash_str() outputs must be printed to a special file in linux called "/etc/shadow". If you have a mac that file instead is called: "/etc/passwd". Having my passwords stored as an argon2id hash is a much, much safer alternative than using SHA-512.
Still more, I intend to use the libsodium library to also develop a program that will perform full-disk encryption of an entire computer's hard drive. Protecting its contents from being seen by someone without the owner's permssion. Since true secure-deletion of files is a myth, the best thing we can do is to perform full-disk encryption on the hard drive to prevents its contents from being tampered. It is arguably best to use the public-private key cryptography system libsodium offers: "crypto_box" library suite.
Finally, libsodium even has an asymmetric encryption system, similiar to the RSA-RSA private-public key system. Unlike RSA, libsodium's asymmetric encryption is also resistant to timing side-channel attacks. Imagine a hacker hacking into your computer through an SSH login simply by performing this attack. It is my intention to even add support for this asymmetric public-private key system to the GPG suite. This will be done using libsodium's "crypto_box" public-private key cryptography suite.