pegh is a file encryption tool using passwords and authenticated encryption. It is simple, secure, and returns proper exit codes so you can tell whether encryption or decryption failed.
```
# encrypt file.txt to file.txt.pegh with password SUPER_SECRET_1942
pegh -e SUPER_SECRET_1942 < file.txt > file.txt.pegh
# decrypt file.txt.pegh to file.txt with password SUPER_SECRET_1942
pegh -d SUPER_SECRET_1942 < file.txt.pegh > file.txt
```
The easiest way to scale the cost and time of a brute-force attack is simply to keep doubling `-s`, on both the encryption and decryption commands.

Full help:
```
$ pegh -h
usage: pegh [-demNrpshV] password
 -e           encrypt stdin to stdout, default mode
 -d           decrypt stdin to stdout
 -m <max_mb>  maximum megabytes of ram to use when deriving key from password
              with scrypt, applies for encryption AND decryption, must
              almost linearly scale with -N, if too low operation will fail,
              default: 64
 -N <num>     scrypt parameter N, only applies for encryption, default 32768
              this is rounded up to the next highest power of 2
 -r <num>     scrypt parameter r, only applies for encryption, default 8
 -p <num>     scrypt parameter p, only applies for encryption, default 1
 -s <num>     multiplication factor to apply to both -N and -m for easy
              work scaling, rounded up to the next highest power of 2,
              default: 1
 -h           print this usage text
 -V           show version number and format version support then quit
For additional info on scrypt params refer to:
https://blog.filippo.io/the-scrypt-parameters/
https://tools.ietf.org/html/rfc7914#section-2
```
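How `-s`, `-N` and `-m` interact, as an added Python example (not pegh's own code): it models the rules in the help text above and uses `hashlib.scrypt` as a stand-in for pegh's key derivation, showing why a file encrypted with a larger `-s` fails to decrypt under the default memory limit. Assumptions: exact powers of two are left unchanged by the rounding, the encrypted file carries N, r and p, and all function names and the sample password and salt are constructed.

```python
import hashlib

def next_pow2(n: int) -> int:
    """Round up to a power of two; assumption: exact powers are kept as-is."""
    return 1 if n <= 1 else 1 << (n - 1).bit_length()

def effective(N=32768, r=8, p=1, max_mb=64, s=1):
    """Model of the help text: -s (rounded up) multiplies both -N and -m."""
    s = next_pow2(s)
    return {"N": next_pow2(N) * s, "r": r, "p": p, "max_mb": max_mb * s}

def needed_mb(N, r, p):
    """scrypt working set per RFC 7914: 128*r*N bytes for V plus 128*r*p for B."""
    return 128 * r * (N + p) / 2**20

def derive(password: bytes, salt: bytes, N, r, p, max_mb):
    """Return a 32-byte key, or None when hashlib rejects the parameters."""
    try:
        return hashlib.scrypt(password, salt=salt, n=N, r=r, p=p,
                              maxmem=max_mb * 2**20, dklen=32)
    except ValueError:  # raised when N, r, p need more memory than maxmem
        return None

def decrypt_side_ok(enc, dec_max_mb,
                    password=b"constructed-pw", salt=b"constructed-salt"):
    """Assumption: N, r, p come from the file; the -m limit comes from the caller."""
    key = derive(password, salt, enc["N"], enc["r"], enc["p"], dec_max_mb)
    return key is not None

if __name__ == "__main__":
    for s in (1, 2, 3, 4):
        e = effective(s=s)
        mb = needed_mb(e["N"], e["r"], e["p"])
        print(f"-s {s}: N={e['N']} needs ~{mb:.0f} MiB, -m={e['max_mb']}")
    enc = effective(s=2)  # parameters of a file encrypted with -s 2
    print("decrypt with default -m 64:", decrypt_side_ok(enc, 64))
    print("decrypt with -s 2 (-m 128):",
          decrypt_side_ok(enc, effective(s=2)["max_mb"]))
```
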
pegh file format
----------------
pegh implements a simple versioned file format so encryption parameters can change in the future. Numbers here are inclusive 0-based byte array indices. The 0th byte is always the version number, and everything else depends on the version number. Currently only version 0 exists.