Skip to content
/ xipher Public

Xipher is a curated collection of cryptographic primitives put together to perform key/password based asymmetric encryption

xipher.org

License

MIT license
11 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

shibme/xipher

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace
BranchesTags

Repository files navigation

Xipher Logo

Xipher

Secure asymmetric encryption with password-based keys

Go Reference Go Report Card Test Status Release Status License

Overview

Xipher is a collection of cryptographic primitives for password-based asymmetric encryption. It lets you share encrypted data between parties over insecure channels using public keys derived from passwords. Includes support for post-quantum algorithms.

Features

  • Asymmetric encryption using password-derived public keys
  • Stream processing with built-in compression
  • Post-quantum security (optional Kyber1024 support)
  • Available as CLI tool, Go library, WebAssembly module, and web interface
  • Optimized for both small and large data

Quick Start

Installation

CLI Tool

Homebrew (macOS):

brew install shibme/tap/xipher

Install Script (Linux/macOS):

# Latest version
curl -fsSL https://xipher.org/install/install.sh | sh

# Specific version  
curl -fsSL https://xipher.org/install/install.sh | sh -s v1.17.0

Install Script (Windows):

# PowerShell (latest version)
irm https://xipher.org/install/install.ps1 | iex

# PowerShell with specific version
$v="1.17.0"; irm https://xipher.org/install/install.ps1 | iex

Binary Download: Download from releases page

Docker:

docker run --rm -v $PWD:/data -it shibme/xipher help

Go Package

go get -u xipher.org/xipher

Basic Usage

CLI Example

Demo

Go Package Example

package main

import (
	"encoding/base32"
	"fmt"
	"xipher.org/xipher"
)

func main() {
	// Create secret key from password
	secretKey, err := xipher.NewSecretKeyForPassword([]byte("your-secure-password"))
	if err != nil {
		panic(err)
	}

	// Derive public key
	publicKey, err := secretKey.PublicKey(false)
	if err != nil {
		panic(err)
	}

	// Encrypt data
	plaintext := []byte("Hello, World!")
	ciphertext, err := publicKey.Encrypt(plaintext, true)
	if err != nil {
		panic(err)
	}

	// Decrypt data
	decrypted, err := secretKey.Decrypt(ciphertext)
	if err != nil {
		panic(err)
	}

	fmt.Printf("Original: %s\n", plaintext)
	fmt.Printf("Decrypted: %s\n", decrypted)
}

Usage

Web Interface

Try it out at xipher.org

How it works:

  1. The receiver opens the web app and generates a key pair (keys are saved in the browser).
  2. The receiver shares their public key URL with the sender.
  3. The sender opens this URL, encrypts their data using the receiver's encryption URL, and then sends the resulting ciphertext (or encrypted link) back to the receiver.
  4. The receiver decrypts the ciphertext in the same browser where the key pair was originally generated.
sequenceDiagram
participant RX as Xipher<br>(Browser)
actor R as Receiver
actor S as Sender
participant SX as Xipher<br>(Browser)
    R-->>+RX: Opens app
    RX-->>RX: Generate keys
    RX-->>-R: Public key URL
    R->>+S: Share URL
    S-->>+SX: Open URL & encrypt
    SX-->>-S: Ciphertext
    S->>-R: Send ciphertext
    R-->>+RX: Decrypt
    RX-->>-R: Plaintext
Loading

GitHub Actions Integration

steps:
- name: Setup Xipher
  uses: shibme/xipher@v1
  with:
    version: 1.17.0  # optional

Host Your Own Web Interface

name: Publish Xipher Web
on:
  workflow_dispatch:
jobs:
  pages:
    uses: shibme/xipher/.github/workflows/pages.yaml@main

Web Assembly

<html>
<head>
	<meta charset="utf-8"/>
	<script src="https://xipher.org/wasm/wasm_exec.js"></script>
	<script>
		const go = new Go();
		WebAssembly.instantiateStreaming(
			fetch("https://xipher.org/wasm/xipher.wasm"), 
			go.importObject
		).then((result) => {
			go.run(result.instance);
		});
	</script>
</head>
<body>
	<!-- Call methods starting with 'xipher', e.g., xipherNewSecretKey() -->
</body>
</html>

Technical Details

Algorithms

Note: v1.19+ uses Go's native ML-KEM package for post-quantum crypto (FIPS 203 compliant). This breaks compatibility with previous Kyber implementations. Standard ECC encryption is unaffected.

Documentation

Contributing

Contributions are welcome. Fork the repo, make your changes, and submit a pull request. For bugs or feature requests, open an issue.

Security

This project is experimental - use with caution in production. If you find security issues, please report them.

A few things to keep in mind:

  • Password strength matters
  • Post-quantum algorithms are still evolving
  • Keep your dependencies updated

License

This project is licensed under the terms specified in the LICENSE file.

Acknowledgments

Thanks to these projects:

  • Retriever - Inspiration for web-based encryption concepts
  • StreamSaver.js - Browser file saving capabilities
  • age - Inspiration for Curve25519 and XChaCha20-Poly1305 usage

About

Xipher is a curated collection of cryptographic primitives put together to perform key/password based asymmetric encryption

xipher.org

Topics

cryptography crypto web-application post-quantum-cryptography encryption-tool end-to-end-encryption password-based-encryption xipher

Resources

Readme

License

MIT license
Activity

Stars

11 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 40

v1.19.1 Latest
Nov 18, 2025
+ 39 releases

Packages

 
 
 

Languages