Security News
CISA Brings KEV Data to GitHub
CISA's KEV data is now on GitHub, offering easier access, API integration, commit history tracking, and automated updates for security teams and researchers.
By Sarah Gooding - Jan 29, 2025
New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
About
Encrypt or decrypt files using a Trezor hardware wallet.
By design, a decrypt operation requires a confirmation on the device. Unlike an encrypted partition, the user can have some assurance that the data remains encrypted unless needed.
Trez can add convenience and security, however, this is Beta software so you should only use Trez on a secondary copy of your data. Here are some use cases:
- Create cold-storage backups
- Use trez files to copy data to and from cold storage (keeping the USB clean).
- Keep encrypted partitions locked more often by extract commonly use data into Trez files.
Usage
$ npm install -g trez
$ trez -?
Trez - File encryption program making use of Trezor hardware wallet security.
Options:
--clipboard-save, -s Save next clipboard copy to an encrypted file (clears
the clipboard). [string]
--clipboard-load, -l Load the clipboard with decrypted data. [string]
--force Force overwrite file [boolean]
--help, -h, -? Show help [boolean]
Examples:
trez --clipboard-save [myfile.txt.trez, omit to generate filename]
trez --clipboard-load myfile.txt.trez
trez myfile.txt Encrypt to myfile.txt.trez
trez myfile.txt.trez Decrypt to myfile.txt
trez myfile.txt.trez - Decrypt to standard out
trez myfile.txt.trez /safe/myfile.txt Decrypt
Trez file format
The Trez format is JSON followed by binary data. Trez files use a 256 bit encrypted secret to unlock the larger dataset. This lends itself to better device performance and quick validation.
Please keep in mind the following safety design decisions were made. Make sure you understand any potential privacy issues:
- It is easy to identify a Trez file by looking at the data
- The Trezor's device label is saved in plain text in the trez file (that device is required to decrypt).
- The Trezor confirmation message is saved in plain text in the trez file (this phrase is required to decrypt).
- A device confirmation to decrypt is required. However, unless Trezor is configured to prompt for a passphrase or needs the PIN, a confirmation to encrypted is not used.
Requirements
- Clipboard (optional) - The copy-paste package will expect one of these prgrams: "pbcopy/pbpaste (for OSX), xclip (for Linux and OpenBSD), and clip (for Windows). Currently works with node.js v0.8+."
Environment
Node 6+
Disclaimer
No warranty. Audit the code or have someone check this for you. Your fully responsible for your own security.
FAQs
Encrypt or decrypt files using a Trezor hardware wallet.
The npm package trez receives a total of 7 weekly downloads. As such, trez popularity was classified as not popular.
We found that trez demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 04 Jul 2017
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Opengrep Emerges as Open Source Alternative Amid Semgrep Licensing Controversy
Opengrep forks Semgrep to preserve open source SAST in response to controversial licensing changes.
By Sarah Gooding - Jan 28, 2025
Security News
Node.js EOL Versions CVE Dubbed the "Worst CVE of the Year" by Security Experts
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
By Sarah Gooding - Jan 24, 2025