ciph 0.0.0__tar.gz → 0.1.0__tar.gz

ciph-0.1.0/LICENSE

@@ -0,0 +1,17 @@
+Apache License
+Version 2.0, January 2004
+http://www.apache.org/licenses/
+
+Copyright 2026 Ankit Chaubey
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

ciph-0.1.0/MANIFEST.in

@@ -0,0 +1,6 @@
+include LICENSE
+include README.md
+include ciph.c
+include ciph.h
+include Makefile
+recursive-include ciph/_native *.so

ciph-0.1.0/Makefile

@@ -0,0 +1,11 @@
+CC = clang
+CFLAGS = -O3 -fPIC
+LIBS = -lsodium
+
+all: libciph.so
+
+libciph.so: ciph.c ciph.h
+	$(CC) $(CFLAGS) -shared ciph.c -o libciph.so $(LIBS)
+
+clean:
+	rm -f libciph.so

ciph-0.1.0/PKG-INFO

@@ -0,0 +1,235 @@
+Metadata-Version: 2.4
+Name: ciph
+Version: 0.1.0
+Summary: Fast, streaming file encryption for large media files and cloud uploads
+Author-email: Ankit Chaubey <m.ankitchaubey@gmail.com>
+License: Apache License 2.0
+Project-URL: Homepage, https://github.com/ankit-chaubey/ciph
+Project-URL: Source, https://github.com/ankit-chaubey/ciph
+Project-URL: Issues, https://github.com/ankit-chaubey/ciph/issues
+Keywords: encryption,cryptography,security,aes,chacha20,argon2,streaming,files,privacy
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: Topic :: Security :: Cryptography
+Classifier: Topic :: System :: Archiving :: Backup
+Classifier: License :: OSI Approved :: Apache Software License
+Classifier: Programming Language :: C
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3 :: Only
+Classifier: Operating System :: POSIX :: Linux
+Classifier: Operating System :: Unix
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: tqdm>=4.60.0
+Dynamic: license-file
+Dynamic: requires-python
+
+# ciph
+
+**ciph** is a fast, streaming file‑encryption tool built for **large media files** and **cloud uploads**. It uses modern, industry‑standard cryptography and is designed to safely encrypt files **larger than your system RAM**.
+
+> Encrypt locally. Upload anywhere. Decrypt only when you trust the environment.
+
+---
+
+## ❓ Why ciph?
+
+Most encryption tools load the entire file into memory before encrypting it. **ciph streams data in fixed-size chunks**, which means you can encrypt a **50 GB 4K video on a machine with only 2 GB of RAM**—smoothly and safely.
+
+## ✨ Features
+
+* 🔐 **Strong encryption** — AES‑256‑GCM or ChaCha20‑Poly1305
+* 🔑 **Password protection** — Argon2id (memory‑hard key derivation)
+* 🚀 **High performance** — streaming C core (1 MB chunks)
+* 🧠 **Constant memory usage** — works with 10 GB+ files
+* ⚙️ **Hardware‑aware** — AES‑NI when available, ChaCha fallback
+* 🧪 **Integrity protected** — AEAD authentication on every chunk
+* ☁️ **Cloud / Telegram safe** — encrypt before upload
+* 🏷️ **Filename preserved** — original filename & extension are stored and restored on decryption
+
+---
+
+## 🔐 Cryptographic Design
+
+`ciph` uses a **hybrid (envelope) encryption model**, similar to what is used in modern secure storage systems:
+
+1. A random **data key** encrypts the file in streaming mode.
+2. Your password is hardened using **Argon2id**.
+3. The data key is encrypted using the derived password key.
+4. Every chunk is authenticated to detect tampering.
+
+No custom crypto. No weak primitives.
+
+5. The **original filename (without path)** is stored as encrypted metadata and automatically restored on decryption.
+
+---
+
+## 🔒 Security Strength
+
+| Component                  | Algorithm                                | Strength     |
+| -------------------------- | ---------------------------------------- | ------------ |
+| File encryption            | AES‑256‑GCM                              | 256‑bit      |
+| File encryption (fallback) | ChaCha20‑Poly1305                        | 256‑bit      |
+| Password KDF               | Argon2id                                 | Memory‑hard  |
+| Integrity                  | AEAD                                     | Tamper‑proof |
+| Nonces                     | Key-derived per chunk (unique, no reuse) | No reuse     |
+
+### What this means
+
+* Brute‑force attacks are **computationally infeasible**
+* File corruption or tampering is **always detected**
+* Encrypted files are safe on **any cloud platform**
+* Losing the password means **data is unrecoverable**
+
+---
+
+## 🚀 Quick Start (Build from Source)
+
+```bash
+git clone https://github.com/ankit-chaubey/ciph
+cd ciph
+make
+pip install .
+```
+
+## 📦 Installation
+
+### Requirements
+
+* Linux / Termux
+* Python ≥ 3.8
+* libsodium
+
+### Install from PyPI
+
+```bash
+pip install ciph
+```
+
+---
+
+## 🚀 Usage
+
+### Encrypt a file
+
+```bash
+ciph encrypt video.mp4
+```
+
+Output:
+
+```
+video.mp4.ciph
+```
+
+### Decrypt a file
+
+```bash
+ciph decrypt video.mp4.ciph
+```
+
+Output:
+
+```
+video.mp4
+```
+
+> The original filename and extension are automatically restored, even if the encrypted file was renamed.`
+
+### Example workflow (Cloud / Telegram)
+
+```bash
+ciph encrypt movie.mkv
+# upload movie.mkv.ciph anywhere
+# share the password securely
+
+ciph decrypt movie.mkv.ciph
+```
+
+---
+
+## 📝 File Format (V2)
+
+| Offset | Size | Description                            |
+| ------ | ---- | -------------------------------------- |
+| 0      | 4    | Magic bytes (`CIPH`)                   |
+| 4      | 1    | Format version                         |
+| 5      | 1    | Cipher mode (1 = AES, 2 = ChaCha)      |
+| 6      | 16   | Argon2 salt                            |
+| 22     | 12   | Key nonce                              |
+| 34     | 1    | Filename length (N)                    |
+| 35     | N    | Original filename (UTF‑8)              |
+| 35+N   | 2    | Encrypted data‑key length              |
+| …      | …    | Encrypted data key + encrypted payload |
+
+## 📊 Performance
+
+* Processes data in **1 MB chunks**
+* Cryptography handled in **C (libsodium)**
+* Python used only for CLI orchestration
+* Typical throughput: **hundreds of MB/s** (CPU‑bound)
+
+Encryption is usually faster than your internet upload speed.
+
+---
+
+## ⚠️ Limitations (v0.1.0)
+
+* Linux / Termux only
+* No resume support yet
+* Progress bar shows start → finish (stream handled in C)
+* Password‑based encryption only (public‑key mode planned)
+* Filename metadata is visible (content remains fully encrypted)
+
+---
+
+## 🧑‍💻 Author & Project
+
+**ciph** is **designed, developed, and maintained** by
+
+[**Ankit Chaubey (@ankit‑chaubey)**](https://github.com/ankit-chaubey)
+
+GitHub Repository:
+👉 **[https://github.com/ankit-chaubey/ciph](https://github.com/ankit-chaubey/ciph)**
+
+The project focuses on building **secure, efficient, and practical cryptographic tools** for real‑world usage, especially for media files and cloud storage.
+
+---
+
+## 📜 License
+
+Apache License 2.0
+
+Copyright © 2026 Ankit Chaubey
+
+Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
+You may obtain a copy of the License at:
+
+[https://www.apache.org/licenses/LICENSE-2.0](https://www.apache.org/licenses/LICENSE-2.0)
+
+Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and limitations under the License.
+
+---
+
+## 🔮 Roadmap
+
+Planned future improvements:
+
+* Parallel chunk encryption
+* Resume / partial decryption
+* Public‑key encryption mode
+* Real‑time progress callbacks
+* Prebuilt wheels (manylinux)
+
+---
+
+## ⚠️ Disclaimer
+
+This tool uses strong cryptography.
+
+If you forget your password, **your data cannot be recovered**.
+
+Use responsibly.

ciph-0.1.0/README.md

@@ -0,0 +1,208 @@
+# ciph
+
+**ciph** is a fast, streaming file‑encryption tool built for **large media files** and **cloud uploads**. It uses modern, industry‑standard cryptography and is designed to safely encrypt files **larger than your system RAM**.
+
+> Encrypt locally. Upload anywhere. Decrypt only when you trust the environment.
+
+---
+
+## ❓ Why ciph?
+
+Most encryption tools load the entire file into memory before encrypting it. **ciph streams data in fixed-size chunks**, which means you can encrypt a **50 GB 4K video on a machine with only 2 GB of RAM**—smoothly and safely.
+
+## ✨ Features
+
+* 🔐 **Strong encryption** — AES‑256‑GCM or ChaCha20‑Poly1305
+* 🔑 **Password protection** — Argon2id (memory‑hard key derivation)
+* 🚀 **High performance** — streaming C core (1 MB chunks)
+* 🧠 **Constant memory usage** — works with 10 GB+ files
+* ⚙️ **Hardware‑aware** — AES‑NI when available, ChaCha fallback
+* 🧪 **Integrity protected** — AEAD authentication on every chunk
+* ☁️ **Cloud / Telegram safe** — encrypt before upload
+* 🏷️ **Filename preserved** — original filename & extension are stored and restored on decryption
+
+---
+
+## 🔐 Cryptographic Design
+
+`ciph` uses a **hybrid (envelope) encryption model**, similar to what is used in modern secure storage systems:
+
+1. A random **data key** encrypts the file in streaming mode.
+2. Your password is hardened using **Argon2id**.
+3. The data key is encrypted using the derived password key.
+4. Every chunk is authenticated to detect tampering.
+
+No custom crypto. No weak primitives.
+
+5. The **original filename (without path)** is stored as encrypted metadata and automatically restored on decryption.
+
+---
+
+## 🔒 Security Strength
+
+| Component                  | Algorithm                                | Strength     |
+| -------------------------- | ---------------------------------------- | ------------ |
+| File encryption            | AES‑256‑GCM                              | 256‑bit      |
+| File encryption (fallback) | ChaCha20‑Poly1305                        | 256‑bit      |
+| Password KDF               | Argon2id                                 | Memory‑hard  |
+| Integrity                  | AEAD                                     | Tamper‑proof |
+| Nonces                     | Key-derived per chunk (unique, no reuse) | No reuse     |
+
+### What this means
+
+* Brute‑force attacks are **computationally infeasible**
+* File corruption or tampering is **always detected**
+* Encrypted files are safe on **any cloud platform**
+* Losing the password means **data is unrecoverable**
+
+---
+
+## 🚀 Quick Start (Build from Source)
+
+```bash
+git clone https://github.com/ankit-chaubey/ciph
+cd ciph
+make
+pip install .
+```
+
+## 📦 Installation
+
+### Requirements
+
+* Linux / Termux
+* Python ≥ 3.8
+* libsodium
+
+### Install from PyPI
+
+```bash
+pip install ciph
+```
+
+---
+
+## 🚀 Usage
+
+### Encrypt a file
+
+```bash
+ciph encrypt video.mp4
+```
+
+Output:
+
+```
+video.mp4.ciph
+```
+
+### Decrypt a file
+
+```bash
+ciph decrypt video.mp4.ciph
+```
+
+Output:
+
+```
+video.mp4
+```
+
+> The original filename and extension are automatically restored, even if the encrypted file was renamed.`
+
+### Example workflow (Cloud / Telegram)
+
+```bash
+ciph encrypt movie.mkv
+# upload movie.mkv.ciph anywhere
+# share the password securely
+
+ciph decrypt movie.mkv.ciph
+```
+
+---
+
+## 📝 File Format (V2)
+
+| Offset | Size | Description                            |
+| ------ | ---- | -------------------------------------- |
+| 0      | 4    | Magic bytes (`CIPH`)                   |
+| 4      | 1    | Format version                         |
+| 5      | 1    | Cipher mode (1 = AES, 2 = ChaCha)      |
+| 6      | 16   | Argon2 salt                            |
+| 22     | 12   | Key nonce                              |
+| 34     | 1    | Filename length (N)                    |
+| 35     | N    | Original filename (UTF‑8)              |
+| 35+N   | 2    | Encrypted data‑key length              |
+| …      | …    | Encrypted data key + encrypted payload |
+
+## 📊 Performance
+
+* Processes data in **1 MB chunks**
+* Cryptography handled in **C (libsodium)**
+* Python used only for CLI orchestration
+* Typical throughput: **hundreds of MB/s** (CPU‑bound)
+
+Encryption is usually faster than your internet upload speed.
+
+---
+
+## ⚠️ Limitations (v0.1.0)
+
+* Linux / Termux only
+* No resume support yet
+* Progress bar shows start → finish (stream handled in C)
+* Password‑based encryption only (public‑key mode planned)
+* Filename metadata is visible (content remains fully encrypted)
+
+---
+
+## 🧑‍💻 Author & Project
+
+**ciph** is **designed, developed, and maintained** by
+
+[**Ankit Chaubey (@ankit‑chaubey)**](https://github.com/ankit-chaubey)
+
+GitHub Repository:
+👉 **[https://github.com/ankit-chaubey/ciph](https://github.com/ankit-chaubey/ciph)**
+
+The project focuses on building **secure, efficient, and practical cryptographic tools** for real‑world usage, especially for media files and cloud storage.
+
+---
+
+## 📜 License
+
+Apache License 2.0
+
+Copyright © 2026 Ankit Chaubey
+
+Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
+You may obtain a copy of the License at:
+
+[https://www.apache.org/licenses/LICENSE-2.0](https://www.apache.org/licenses/LICENSE-2.0)
+
+Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and limitations under the License.
+
+---
+
+## 🔮 Roadmap
+
+Planned future improvements:
+
+* Parallel chunk encryption
+* Resume / partial decryption
+* Public‑key encryption mode
+* Real‑time progress callbacks
+* Prebuilt wheels (manylinux)
+
+---
+
+## ⚠️ Disclaimer
+
+This tool uses strong cryptography.
+
+If you forget your password, **your data cannot be recovered**.
+
+Use responsibly.

ciph-0.1.0/ciph/__init__.py

@@ -0,0 +1 @@
+__version__ = "0.1.0"

ciph-0.1.0/ciph/cli.py

@@ -0,0 +1,118 @@
+#!/usr/bin/env python3
+import sys, os, getpass, ctypes
+from tqdm import tqdm
+
+HERE = os.path.dirname(__file__)
+LIB = ctypes.CDLL(os.path.join(HERE, "_native", "libciph.so"))
+
+LIB.ciph_encrypt_stream.argtypes = [
+    ctypes.c_void_p, ctypes.c_void_p,
+    ctypes.c_char_p, ctypes.c_int,
+    ctypes.c_char_p
+]
+
+LIB.ciph_decrypt_stream.argtypes = [
+    ctypes.c_void_p, ctypes.c_void_p,
+    ctypes.c_char_p,
+    ctypes.c_char_p, ctypes.c_size_t
+]
+
+libc = ctypes.CDLL(None)
+fdopen = libc.fdopen
+fdopen.argtypes = [ctypes.c_int, ctypes.c_char_p]
+fdopen.restype = ctypes.c_void_p
+
+
+def detect_cipher():
+    try:
+        with open("/proc/cpuinfo") as f:
+            if "aes" in f.read().lower():
+                return 1
+    except Exception:
+        pass
+    return 2
+
+
+def get_password():
+    pwd = os.getenv("CIPH_PASSWORD")
+    if not pwd:
+        pwd = getpass.getpass("Password: ")
+    return pwd.encode()
+
+
+def c_file(py_file, mode):
+    fd = os.dup(py_file.fileno())   # 🔑 duplicate FD
+    return fdopen(fd, mode)
+
+
+def main():
+    if len(sys.argv) < 3:
+        print("usage: ciph encrypt|decrypt <file>")
+        sys.exit(1)
+
+    cmd, src = sys.argv[1], sys.argv[2]
+    password = get_password()
+    total_size = os.path.getsize(src)
+
+    fin_py = open(src, "rb")
+    fin = c_file(fin_py, b"rb")
+
+    name_buf = ctypes.create_string_buffer(256)
+
+    with tqdm(
+        total=total_size,
+        unit="B",
+        unit_scale=True,
+        desc=cmd.capitalize()
+    ) as bar:
+
+        if cmd == "encrypt":
+            out_name = src + ".ciph"
+            fout_py = open(out_name, "wb")
+            fout = c_file(fout_py, b"wb")
+
+            LIB.ciph_encrypt_stream(
+                fin,
+                fout,
+                password,
+                detect_cipher(),
+                os.path.basename(src).encode()
+            )
+
+            bar.update(total_size)
+
+        elif cmd == "decrypt":
+            tmp_name = ".__tmp__"
+            fout_py = open(tmp_name, "wb")
+            fout = c_file(fout_py, b"wb")
+
+            res = LIB.ciph_decrypt_stream(
+                fin,
+                fout,
+                password,
+                name_buf,
+                ctypes.sizeof(name_buf)
+            )
+
+            fout_py.close()
+
+            if res != 0:
+                os.remove(tmp_name)
+                print("ciph: wrong password or corrupted file", file=sys.stderr)
+                sys.exit(1)
+
+            out_name = name_buf.value.decode() or "output.dec"
+            os.rename(tmp_name, out_name)
+
+            bar.update(total_size)
+
+        else:
+            print("usage: ciph encrypt|decrypt <file>")
+            sys.exit(1)
+
+    fin_py.close()
+    print(f"[+] Output → {out_name}")
+
+
+if __name__ == "__main__":
+    main()

ciph-0.1.0/ciph.c

@@ -0,0 +1,241 @@
+/*
+ * ciph
+ * © 2026 Ankit Chaubey (@ankit-chaubey)
+ * https://github.com/ankit-chaubey/ciph
+ *
+ * Licensed under the Apache License, Version 2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
+ */
+#include "ciph.h"
+#include <sodium.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include <arpa/inet.h>
+
+#define MAGIC   "CIPH"
+#define VERSION 2
+
+#define SALT_LEN  16
+#define KEY_LEN   32
+#define NONCE_LEN 12
+#define CHUNK     (1024 * 1024)
+
+static void die(const char *m) {
+    fprintf(stderr, "ciph: %s\n", m);
+    exit(1);
+}
+
+int ciph_encrypt_stream(
+    FILE *in,
+    FILE *out,
+    const char *password,
+    int cipher,
+    const char *original_name
+) {
+    if (sodium_init() < 0) die("sodium init failed");
+
+    uint8_t salt[SALT_LEN], data_key[KEY_LEN], derived[KEY_LEN];
+    randombytes_buf(salt, SALT_LEN);
+    randombytes_buf(data_key, KEY_LEN);
+
+    if (crypto_pwhash(
+        derived, KEY_LEN,
+        password, strlen(password),
+        salt,
+        crypto_pwhash_OPSLIMIT_MODERATE,
+        crypto_pwhash_MEMLIMIT_MODERATE,
+        crypto_pwhash_ALG_DEFAULT
+    ) != 0) die("pwhash failed");
+
+    uint8_t nonce_key[NONCE_LEN];
+    randombytes_buf(nonce_key, NONCE_LEN);
+
+    uint8_t enc_data_key[KEY_LEN + crypto_aead_chacha20poly1305_ietf_ABYTES];
+    unsigned long long enc_key_len;
+
+    crypto_aead_chacha20poly1305_ietf_encrypt(
+        enc_data_key, &enc_key_len,
+        data_key, KEY_LEN,
+        NULL, 0, NULL,
+        nonce_key, derived
+    );
+
+    /* Header */
+    fwrite(MAGIC, 1, 4, out);
+    fputc(VERSION, out);
+    fputc(cipher, out);
+    fwrite(salt, 1, SALT_LEN, out);
+    fwrite(nonce_key, 1, NONCE_LEN, out);
+
+    /* Filename */
+    uint8_t name_len = 0;
+    if (original_name) {
+        size_t len = strlen(original_name);
+        if (len > 255) len = 255;
+        name_len = (uint8_t)len;
+    }
+    fputc(name_len, out);
+    if (name_len > 0)
+        fwrite(original_name, 1, name_len, out);
+
+    uint16_t ek = htons((uint16_t)enc_key_len);
+    fwrite(&ek, sizeof(uint16_t), 1, out);
+    fwrite(enc_data_key, 1, enc_key_len, out);
+
+    /* Stream encryption (FRAMED) */
+    uint8_t buf[CHUNK];
+    uint64_t idx = 0;
+
+    while (1) {
+        size_t r = fread(buf, 1, CHUNK, in);
+        if (r == 0) break;
+
+        uint8_t nonce[NONCE_LEN];
+        crypto_generichash(
+            nonce, NONCE_LEN,
+            (uint8_t*)&idx, sizeof(idx),
+            data_key, KEY_LEN
+        );
+
+        uint8_t outbuf[CHUNK + crypto_aead_chacha20poly1305_ietf_ABYTES];
+        unsigned long long outlen;
+        int ok;
+
+        if (cipher == CIPH_AES) {
+            ok = crypto_aead_aes256gcm_encrypt(
+                outbuf, &outlen, buf, r,
+                NULL, 0, NULL, nonce, data_key
+            );
+        } else {
+            ok = crypto_aead_chacha20poly1305_ietf_encrypt(
+                outbuf, &outlen, buf, r,
+                NULL, 0, NULL, nonce, data_key
+            );
+        }
+
+        if (ok != 0) die("encrypt failed");
+
+        uint32_t clen = htonl((uint32_t)outlen);
+        fwrite(&clen, sizeof(uint32_t), 1, out);
+        fwrite(outbuf, 1, outlen, out);
+        idx++;
+    }
+
+    sodium_memzero(data_key, KEY_LEN);
+    sodium_memzero(derived, KEY_LEN);
+    return CIPH_OK;
+}
+
+int ciph_decrypt_stream(
+    FILE *in,
+    FILE *out,
+    const char *password,
+    char *out_name,
+    size_t out_name_len
+) {
+    if (sodium_init() < 0) die("sodium init failed");
+
+    char magic[4];
+    fread(magic, 1, 4, in);
+    if (memcmp(magic, MAGIC, 4)) die("bad magic");
+
+    int version = fgetc(in);
+    int cipher  = fgetc(in);
+    if (version != VERSION) die("bad version");
+
+    uint8_t salt[SALT_LEN], nonce_key[NONCE_LEN];
+    fread(salt, 1, SALT_LEN, in);
+    fread(nonce_key, 1, NONCE_LEN, in);
+
+    uint8_t name_len = fgetc(in);
+    if (name_len > 0 && out_name && out_name_len > name_len) {
+        fread(out_name, 1, name_len, in);
+        out_name[name_len] = '\0';
+    } else if (name_len > 0) {
+        fseek(in, name_len, SEEK_CUR);
+    }
+
+    uint16_t ek_len;
+    fread(&ek_len, sizeof(uint16_t), 1, in);
+    ek_len = ntohs(ek_len);
+
+    uint8_t enc_data_key[128];
+    fread(enc_data_key, 1, ek_len, in);
+
+    uint8_t derived[KEY_LEN], data_key[KEY_LEN];
+    if (crypto_pwhash(
+        derived, KEY_LEN,
+        password, strlen(password),
+        salt,
+        crypto_pwhash_OPSLIMIT_MODERATE,
+        crypto_pwhash_MEMLIMIT_MODERATE,
+        crypto_pwhash_ALG_DEFAULT
+    ) != 0) die("pwhash failed");
+
+    if (crypto_aead_chacha20poly1305_ietf_decrypt(
+        data_key, NULL, NULL,
+        enc_data_key, ek_len,
+        NULL, 0,
+        nonce_key, derived
+    ) != 0) {
+        fprintf(stderr, "ciph: wrong password or corrupted file\n");
+        return CIPH_ERR;
+    }
+
+    /* Stream decryption (FRAMED) */
+    uint8_t buf[CHUNK + crypto_aead_chacha20poly1305_ietf_ABYTES];
+    uint64_t idx = 0;
+
+    while (1) {
+        uint32_t clen_net;
+        if (fread(&clen_net, sizeof(uint32_t), 1, in) != 1)
+            break;
+
+        uint32_t clen = ntohl(clen_net);
+        if (clen > sizeof(buf)) {
+            fprintf(stderr, "ciph: corrupted chunk size\n");
+            return CIPH_ERR;
+        }
+
+        if (fread(buf, 1, clen, in) != clen) {
+            fprintf(stderr, "ciph: truncated file\n");
+            return CIPH_ERR;
+        }
+
+        uint8_t nonce[NONCE_LEN];
+        crypto_generichash(
+            nonce, NONCE_LEN,
+            (uint8_t*)&idx, sizeof(idx),
+            data_key, KEY_LEN
+        );
+
+        uint8_t outbuf[CHUNK];
+        unsigned long long outlen;
+        int ok;
+
+        if (cipher == CIPH_AES) {
+            ok = crypto_aead_aes256gcm_decrypt(
+                outbuf, &outlen, NULL,
+                buf, clen, NULL, 0, nonce, data_key
+            );
+        } else {
+            ok = crypto_aead_chacha20poly1305_ietf_decrypt(
+                outbuf, &outlen, NULL,
+                buf, clen, NULL, 0, nonce, data_key
+            );
+        }
+
+        if (ok != 0) {
+            fprintf(stderr, "ciph: integrity failure\n");
+            return CIPH_ERR;
+        }
+
+        fwrite(outbuf, 1, outlen, out);
+        idx++;
+    }
+
+    sodium_memzero(data_key, KEY_LEN);
+    sodium_memzero(derived, KEY_LEN);
+    return CIPH_OK;
+}

ciph-0.1.0/ciph.egg-info/PKG-INFO

@@ -0,0 +1,235 @@
+Metadata-Version: 2.4
+Name: ciph
+Version: 0.1.0
+Summary: Fast, streaming file encryption for large media files and cloud uploads
+Author-email: Ankit Chaubey <m.ankitchaubey@gmail.com>
+License: Apache License 2.0
+Project-URL: Homepage, https://github.com/ankit-chaubey/ciph
+Project-URL: Source, https://github.com/ankit-chaubey/ciph
+Project-URL: Issues, https://github.com/ankit-chaubey/ciph/issues
+Keywords: encryption,cryptography,security,aes,chacha20,argon2,streaming,files,privacy
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: Topic :: Security :: Cryptography
+Classifier: Topic :: System :: Archiving :: Backup
+Classifier: License :: OSI Approved :: Apache Software License
+Classifier: Programming Language :: C
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3 :: Only
+Classifier: Operating System :: POSIX :: Linux
+Classifier: Operating System :: Unix
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: tqdm>=4.60.0
+Dynamic: license-file
+Dynamic: requires-python
+
+# ciph
+
+**ciph** is a fast, streaming file‑encryption tool built for **large media files** and **cloud uploads**. It uses modern, industry‑standard cryptography and is designed to safely encrypt files **larger than your system RAM**.
+
+> Encrypt locally. Upload anywhere. Decrypt only when you trust the environment.
+
+---
+
+## ❓ Why ciph?
+
+Most encryption tools load the entire file into memory before encrypting it. **ciph streams data in fixed-size chunks**, which means you can encrypt a **50 GB 4K video on a machine with only 2 GB of RAM**—smoothly and safely.
+
+## ✨ Features
+
+* 🔐 **Strong encryption** — AES‑256‑GCM or ChaCha20‑Poly1305
+* 🔑 **Password protection** — Argon2id (memory‑hard key derivation)
+* 🚀 **High performance** — streaming C core (1 MB chunks)
+* 🧠 **Constant memory usage** — works with 10 GB+ files
+* ⚙️ **Hardware‑aware** — AES‑NI when available, ChaCha fallback
+* 🧪 **Integrity protected** — AEAD authentication on every chunk
+* ☁️ **Cloud / Telegram safe** — encrypt before upload
+* 🏷️ **Filename preserved** — original filename & extension are stored and restored on decryption
+
+---
+
+## 🔐 Cryptographic Design
+
+`ciph` uses a **hybrid (envelope) encryption model**, similar to what is used in modern secure storage systems:
+
+1. A random **data key** encrypts the file in streaming mode.
+2. Your password is hardened using **Argon2id**.
+3. The data key is encrypted using the derived password key.
+4. Every chunk is authenticated to detect tampering.
+
+No custom crypto. No weak primitives.
+
+5. The **original filename (without path)** is stored as encrypted metadata and automatically restored on decryption.
+
+---
+
+## 🔒 Security Strength
+
+| Component                  | Algorithm                                | Strength     |
+| -------------------------- | ---------------------------------------- | ------------ |
+| File encryption            | AES‑256‑GCM                              | 256‑bit      |
+| File encryption (fallback) | ChaCha20‑Poly1305                        | 256‑bit      |
+| Password KDF               | Argon2id                                 | Memory‑hard  |
+| Integrity                  | AEAD                                     | Tamper‑proof |
+| Nonces                     | Key-derived per chunk (unique, no reuse) | No reuse     |
+
+### What this means
+
+* Brute‑force attacks are **computationally infeasible**
+* File corruption or tampering is **always detected**
+* Encrypted files are safe on **any cloud platform**
+* Losing the password means **data is unrecoverable**
+
+---
+
+## 🚀 Quick Start (Build from Source)
+
+```bash
+git clone https://github.com/ankit-chaubey/ciph
+cd ciph
+make
+pip install .
+```
+
+## 📦 Installation
+
+### Requirements
+
+* Linux / Termux
+* Python ≥ 3.8
+* libsodium
+
+### Install from PyPI
+
+```bash
+pip install ciph
+```
+
+---
+
+## 🚀 Usage
+
+### Encrypt a file
+
+```bash
+ciph encrypt video.mp4
+```
+
+Output:
+
+```
+video.mp4.ciph
+```
+
+### Decrypt a file
+
+```bash
+ciph decrypt video.mp4.ciph
+```
+
+Output:
+
+```
+video.mp4
+```
+
+> The original filename and extension are automatically restored, even if the encrypted file was renamed.`
+
+### Example workflow (Cloud / Telegram)
+
+```bash
+ciph encrypt movie.mkv
+# upload movie.mkv.ciph anywhere
+# share the password securely
+
+ciph decrypt movie.mkv.ciph
+```
+
+---
+
+## 📝 File Format (V2)
+
+| Offset | Size | Description                            |
+| ------ | ---- | -------------------------------------- |
+| 0      | 4    | Magic bytes (`CIPH`)                   |
+| 4      | 1    | Format version                         |
+| 5      | 1    | Cipher mode (1 = AES, 2 = ChaCha)      |
+| 6      | 16   | Argon2 salt                            |
+| 22     | 12   | Key nonce                              |
+| 34     | 1    | Filename length (N)                    |
+| 35     | N    | Original filename (UTF‑8)              |
+| 35+N   | 2    | Encrypted data‑key length              |
+| …      | …    | Encrypted data key + encrypted payload |
+
+## 📊 Performance
+
+* Processes data in **1 MB chunks**
+* Cryptography handled in **C (libsodium)**
+* Python used only for CLI orchestration
+* Typical throughput: **hundreds of MB/s** (CPU‑bound)
+
+Encryption is usually faster than your internet upload speed.
+
+---
+
+## ⚠️ Limitations (v0.1.0)
+
+* Linux / Termux only
+* No resume support yet
+* Progress bar shows start → finish (stream handled in C)
+* Password‑based encryption only (public‑key mode planned)
+* Filename metadata is visible (content remains fully encrypted)
+
+---
+
+## 🧑‍💻 Author & Project
+
+**ciph** is **designed, developed, and maintained** by
+
+[**Ankit Chaubey (@ankit‑chaubey)**](https://github.com/ankit-chaubey)
+
+GitHub Repository:
+👉 **[https://github.com/ankit-chaubey/ciph](https://github.com/ankit-chaubey/ciph)**
+
+The project focuses on building **secure, efficient, and practical cryptographic tools** for real‑world usage, especially for media files and cloud storage.
+
+---
+
+## 📜 License
+
+Apache License 2.0
+
+Copyright © 2026 Ankit Chaubey
+
+Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
+You may obtain a copy of the License at:
+
+[https://www.apache.org/licenses/LICENSE-2.0](https://www.apache.org/licenses/LICENSE-2.0)
+
+Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and limitations under the License.
+
+---
+
+## 🔮 Roadmap
+
+Planned future improvements:
+
+* Parallel chunk encryption
+* Resume / partial decryption
+* Public‑key encryption mode
+* Real‑time progress callbacks
+* Prebuilt wheels (manylinux)
+
+---
+
+## ⚠️ Disclaimer
+
+This tool uses strong cryptography.
+
+If you forget your password, **your data cannot be recovered**.
+
+Use responsibly.

ciph-0.1.0/ciph.egg-info/SOURCES.txt

@@ -0,0 +1,16 @@
+LICENSE
+MANIFEST.in
+Makefile
+README.md
+ciph.c
+ciph.h
+pyproject.toml
+setup.py
+ciph/__init__.py
+ciph/cli.py
+ciph.egg-info/PKG-INFO
+ciph.egg-info/SOURCES.txt
+ciph.egg-info/dependency_links.txt
+ciph.egg-info/entry_points.txt
+ciph.egg-info/requires.txt
+ciph.egg-info/top_level.txt

ciph-0.1.0/ciph.egg-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+ciph = ciph.cli:main

ciph-0.1.0/ciph.egg-info/requires.txt

@@ -0,0 +1 @@
+tqdm>=4.60.0

ciph-0.1.0/ciph.h

@@ -0,0 +1,36 @@
+/*
+ * ciph
+ * © 2026 Ankit Chaubey (@ankit-chaubey)
+ * https://github.com/ankit-chaubey/ciph
+ *
+ * Licensed under the Apache License, Version 2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
+ */
+#ifndef CIPH_H
+#define CIPH_H
+
+#include <stdio.h>
+
+#define CIPH_AES    1
+#define CIPH_CHACHA 2
+
+#define CIPH_OK  0
+#define CIPH_ERR -1
+
+int ciph_encrypt_stream(
+    FILE *in,
+    FILE *out,
+    const char *password,
+    int cipher,
+    const char *original_name
+);
+
+int ciph_decrypt_stream(
+    FILE *in,
+    FILE *out,
+    const char *password,
+    char *out_name,      // buffer (>=256 bytes)
+    size_t out_name_len
+);
+
+#endif

ciph-0.1.0/pyproject.toml

@@ -0,0 +1,45 @@
+[build-system]
+requires = ["setuptools>=61.0", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "ciph"
+version = "0.1.0"
+description = "Fast, streaming file encryption for large media files and cloud uploads"
+readme = "README.md"
+requires-python = ">=3.8"
+license = { text = "Apache License 2.0" }
+
+authors = [
+    { name = "Ankit Chaubey", email = "m.ankitchaubey@gmail.com" }
+]
+
+dependencies = [
+    "tqdm>=4.60.0",
+]
+
+keywords = [
+    "encryption", "cryptography", "security", "aes", "chacha20", 
+    "argon2", "streaming", "files", "privacy"
+]
+
+classifiers = [
+    "Development Status :: 4 - Beta",
+    "Intended Audience :: Developers",
+    "Topic :: Security :: Cryptography",
+    "Topic :: System :: Archiving :: Backup",
+    "License :: OSI Approved :: Apache Software License",
+    "Programming Language :: C",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3 :: Only",
+    "Operating System :: POSIX :: Linux",
+    "Operating System :: Unix"
+]
+
+[project.urls]
+Homepage = "https://github.com/ankit-chaubey/ciph"
+Source = "https://github.com/ankit-chaubey/ciph"
+Issues = "https://github.com/ankit-chaubey/ciph/issues"
+
+[project.scripts]
+ciph = "ciph.cli:main"

ciph-0.1.0/setup.py

@@ -0,0 +1,17 @@
+from setuptools import setup, find_packages
+
+setup(
+    name="ciph",
+    version="0.1.0",
+    description="Fast streaming encryption for large media files",
+    long_description=open("README.md").read(),
+    long_description_content_type="text/markdown",
+    packages=find_packages(),
+    include_package_data=True,
+    entry_points={
+        "console_scripts": [
+            "ciph=ciph.cli:main",
+        ]
+    },
+    python_requires=">=3.8",
+)

ciph-0.0.0/PKG-INFO

@@ -1,15 +0,0 @@
-Metadata-Version: 2.4
-Name: ciph
-Version: 0.0.0
-Summary: Placeholder package reserved for future development.
-Author-email: Ankit Chaubey <m.ankitchaubey@gmail.com>
-License: MIT
-Project-URL: Homepage, https://github.com/ankit-chaubey/ciph
-Project-URL: Source, https://github.com/ankit-chaubey/ciph
-Project-URL: Issues, https://github.com/ankit-chaubey/ciph/issues
-Keywords: encryption,security,crypto
-Classifier: Programming Language :: Python :: 3
-Classifier: License :: OSI Approved :: MIT License
-Classifier: Operating System :: OS Independent
-Requires-Python: >=3.8
-Description-Content-Type: text/markdown

ciph-0.0.0/ciph/__init__.py

@@ -1 +0,0 @@
-# welcome to ciph

ciph-0.0.0/ciph.egg-info/PKG-INFO

@@ -1,15 +0,0 @@
-Metadata-Version: 2.4
-Name: ciph
-Version: 0.0.0
-Summary: Placeholder package reserved for future development.
-Author-email: Ankit Chaubey <m.ankitchaubey@gmail.com>
-License: MIT
-Project-URL: Homepage, https://github.com/ankit-chaubey/ciph
-Project-URL: Source, https://github.com/ankit-chaubey/ciph
-Project-URL: Issues, https://github.com/ankit-chaubey/ciph/issues
-Keywords: encryption,security,crypto
-Classifier: Programming Language :: Python :: 3
-Classifier: License :: OSI Approved :: MIT License
-Classifier: Operating System :: OS Independent
-Requires-Python: >=3.8
-Description-Content-Type: text/markdown

ciph-0.0.0/ciph.egg-info/SOURCES.txt

@@ -1,6 +0,0 @@
-pyproject.toml
-ciph/__init__.py
-ciph.egg-info/PKG-INFO
-ciph.egg-info/SOURCES.txt
-ciph.egg-info/dependency_links.txt
-ciph.egg-info/top_level.txt

ciph-0.0.0/pyproject.toml

@@ -1,27 +0,0 @@
-[build-system]
-requires = ["setuptools>=61.0"]
-build-backend = "setuptools.build_meta"
-
-[project]
-name = "ciph"                  # change to "vylt" if needed
-version = "0.0.0"
-description = "Placeholder package reserved for future development."
-readme = "README.md"
-requires-python = ">=3.8"
-license = { text = "MIT" }
-
-authors = [
-    { name = "Ankit Chaubey", email = "m.ankitchaubey@gmail.com" }
-]
-
-keywords = ["encryption", "security", "crypto"]
-classifiers = [
-    "Programming Language :: Python :: 3",
-    "License :: OSI Approved :: MIT License",
-    "Operating System :: OS Independent"
-]
-
-[project.urls]
-Homepage = "https://github.com/ankit-chaubey/ciph"
-Source = "https://github.com/ankit-chaubey/ciph"
-Issues = "https://github.com/ankit-chaubey/ciph/issues"