Secure asymmetric encryption with password-based keys
Xipher is a collection of cryptographic primitives for password-based asymmetric encryption. It lets you share encrypted data between parties over insecure channels using public keys derived from passwords. Includes support for post-quantum algorithms.
Homebrew (macOS):
brew install --cask shibme/tap/xipher
Install Script (Linux/macOS):
# Latest version
curl -fsSL https://xipher.org/install/install.sh | sh
# Specific version
curl -fsSL https://xipher.org/install/install.sh | sh -s v1.17.0
Install Script (Windows):
# PowerShell (latest version)
irm https://xipher.org/install/install.ps1 | iex
# PowerShell with specific version
$v="1.17.0"; irm https://xipher.org/install/install.ps1 | iex
Binary Download: Download from releases page
Docker:
docker run --rm -v $PWD:/data -it shibme/xipher help
go get -u xipher.org/xipher
package main
import (
"encoding/base32"
"fmt"
"xipher.org/xipher"
)
func main() {
// Create secret key from password
secretKey, err := xipher.NewSecretKeyForPassword([]byte("your-secure-password"))
if err != nil {
panic(err)
}
// Derive public key
publicKey, err := secretKey.PublicKey(false)
if err != nil {
panic(err)
}
// Encrypt data
plaintext := []byte("Hello, World!")
ciphertext, err := publicKey.Encrypt(plaintext, true)
if err != nil {
panic(err)
}
// Decrypt data
decrypted, err := secretKey.Decrypt(ciphertext)
if err != nil {
panic(err)
}
fmt.Printf("Original: %s\n", plaintext)
fmt.Printf("Decrypted: %s\n", decrypted)
}
Try it out at xipher.org
How it works:
sequenceDiagram
participant RX as Xipher<br>(Browser)
actor R as Receiver
actor S as Sender
participant SX as Xipher<br>(Browser)
R-->>+RX: Opens app
RX-->>RX: Generate keys
RX-->>-R: Public key URL
R->>+S: Share URL
S-->>+SX: Open URL & encrypt
SX-->>-S: Ciphertext
S->>-R: Send ciphertext
R-->>+RX: Decrypt
RX-->>-R: Plaintext
steps:
- name: Setup Xipher
uses: shibme/xipher@v1
with:
version: 1.17.0 # optional
name: Publish Xipher Web
on:
workflow_dispatch:
jobs:
pages:
uses: shibme/xipher/.github/workflows/pages.yaml@main
<html>
<head>
<meta charset="utf-8"/>
<script src="https://xipher.org/wasm/wasm_exec.js"></script>
<script>
const go = new Go();
WebAssembly.instantiateStreaming(
fetch("https://xipher.org/wasm/xipher.wasm"),
go.importObject
).then((result) => {
go.run(result.instance);
});
</script>
</head>
<body>
<!-- Call methods starting with 'xipher', e.g., xipherNewSecretKey() -->
</body>
</html>
Note: v1.19+ uses Go's native ML-KEM package for post-quantum crypto (FIPS 203 compliant). This breaks compatibility with previous Kyber implementations. Standard ECC encryption is unaffected.
Contributions are welcome. Fork the repo, make your changes, and submit a pull request. For bugs or feature requests, open an issue.
This project is experimental - use with caution in production. If you find security issues, please report them.
A few things to keep in mind:
This project is licensed under the terms specified in the LICENSE file.
Thanks to these projects:
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
Socket is tracking cloned Open VSX extensions tied to GlassWorm, with several updated from benign-looking sleepers into malware delivery vehicles.
Product
Reachability analysis for PHP is now available in experimental, helping teams identify which vulnerabilities are actually exploitable.
Product
Export Socket alert data to your own cloud storage in JSON, CSV, or Parquet, with flexible snapshot or incremental delivery.