ghostbit-cli 1.3.0__tar.gz → 1.5.0__tar.gz

{ghostbit_cli-1.3.0 → ghostbit_cli-1.5.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: ghostbit-cli
-Version: 1.3.0
+Version: 1.5.0
 Summary: Ghostbit CLI — create end-to-end encrypted pastes from the terminal
 License-Expression: MIT
 Project-URL: Homepage, https://github.com/stackopshq/ghostbit

{ghostbit_cli-1.3.0 → ghostbit_cli-1.5.0}/__init__.py

@@ -27,7 +27,9 @@ from ._completion import cmd_completion as _cmd_completion_raw
 from ._config import DEFAULT_SERVER, cmd_config, load_config
 from ._crypto import (
     decrypt,
+    decrypt_bytes,
     derive_key,
+    derive_key_for,
     encrypt,
     gen_key,
     gen_salt,
@@ -109,12 +111,20 @@ def cmd_paste(args) -> None:
 
     if password:
         kdf_salt = gen_salt()
-        key = derive_key(password, kdf_salt)
+        kdf_choice = args.kdf
+        key = derive_key_for(kdf_choice, password, kdf_salt)
     else:
         key = gen_key()
         kdf_salt = None
+        kdf_choice = "pbkdf2-sha256"  # ignored when has_password is false
 
-    ciphertext, nonce = encrypt(content, key)
+    if args.compress:
+        import gzip
+
+        payload_input: str | bytes = gzip.compress(content.encode())
+    else:
+        payload_input = content
+    ciphertext, nonce = encrypt(payload_input, key)
 
     payload = {
         "content": ciphertext,
@@ -124,6 +134,8 @@ def cmd_paste(args) -> None:
         "expires_in": args.expires,
         "burn": args.burn,
         "max_views": args.max_views,
+        "compressed": args.compress,
+        "kdf": kdf_choice,
     }
 
     result = api_create(server, payload)
@@ -262,14 +274,22 @@ def cmd_view(args) -> None:
         if not kdf_salt:
             print("Error: no KDF salt — paste is not password-protected.", file=sys.stderr)
             sys.exit(1)
-        key = derive_key(password, kdf_salt)
+        # Server tells us which KDF was used; default to legacy PBKDF2 for
+        # pastes written before the field existed.
+        kdf_choice = data.get("kdf") or "pbkdf2-sha256"
+        key = derive_key_for(kdf_choice, password, kdf_salt)
     else:
         # Restore base64 padding stripped for URL safety.
         padded = key_b64url + "=" * (-len(key_b64url) % 4)
         key = base64.urlsafe_b64decode(padded)
 
     try:
-        plaintext = decrypt(data["content"], data["nonce"], key)
+        if data.get("compressed"):
+            import gzip
+
+            plaintext = gzip.decompress(decrypt_bytes(data["content"], data["nonce"], key)).decode()
+        else:
+            plaintext = decrypt(data["content"], data["nonce"], key)
     except Exception:  # noqa: BLE001
         print("Error: decryption failed — wrong key or corrupted paste.", file=sys.stderr)
         sys.exit(1)
@@ -501,6 +521,14 @@ current server: {current_server}
         "--burn", "-b", action="store_true",
         help="Delete after the first view.",
     )  # fmt: skip
+    parser.add_argument(
+        "--compress", "-z", action="store_true",
+        help="Gzip the plaintext locally BEFORE encryption (60–80%% smaller for text).",
+    )  # fmt: skip
+    parser.add_argument(
+        "--kdf", choices=("pbkdf2-sha256", "argon2id"), default="pbkdf2-sha256",
+        help="Key derivation function (used only with --password). Default: pbkdf2-sha256.",
+    )  # fmt: skip
     parser.add_argument(
         "--max-views", "-m", type=int, default=None, metavar="N",
         help="Delete after N views.",

ghostbit_cli-1.5.0/_crypto.py

@@ -0,0 +1,120 @@
+"""Client-side crypto — mirrors the browser's static/e2e.js behaviour.
+
+Any parameter change here (PBKDF2 iterations, AES mode, nonce length,
+salt length) must be reflected in static/e2e.js and in the app/api.py
+validators, or pastes created by one side will be unreadable by the
+other. See tests/test_cli_crypto.py for the contract.
+"""
+
+from __future__ import annotations
+
+import base64
+import os
+import sys
+
+try:
+    from cryptography.hazmat.primitives import hashes as _hashes
+    from cryptography.hazmat.primitives.ciphers.aead import AESGCM
+    from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
+
+    _CRYPTO_OK = True
+except ImportError:
+    _CRYPTO_OK = False
+
+try:
+    from argon2.low_level import Type as _Argon2Type
+    from argon2.low_level import hash_secret_raw as _argon2_hash
+
+    _ARGON2_OK = True
+except ImportError:
+    _ARGON2_OK = False
+
+_PBKDF2_ITERATIONS = 600_000
+
+# OWASP 2023+ minimum for Argon2id in interactive contexts (browser/CLI).
+# m = memory in KiB; t = passes; p = parallelism; hash length in bytes.
+# Anything stronger meaningfully impacts page-load time on a phone — bump
+# these together with the browser WASM lib's defaults when it lands.
+_ARGON2_MEMORY_KIB = 19_456  # 19 MiB
+_ARGON2_TIME_COST = 2
+_ARGON2_PARALLELISM = 1
+
+
+def require_crypto() -> None:
+    """Abort with an actionable message if `cryptography` is missing."""
+    if not _CRYPTO_OK:
+        print(
+            "Error: 'cryptography' package required. Run: pip install cryptography",
+            file=sys.stderr,
+        )
+        sys.exit(1)
+
+
+def gen_key() -> bytes:
+    return os.urandom(32)
+
+
+def gen_salt() -> str:
+    return base64.b64encode(os.urandom(16)).decode()
+
+
+def encrypt(plaintext: str | bytes, key: bytes) -> tuple[str, str]:
+    """Encrypt a string or raw bytes with AES-256-GCM. Returns (ct_b64, nonce_b64)."""
+    nonce = os.urandom(12)
+    data = plaintext.encode() if isinstance(plaintext, str) else plaintext
+    ct = AESGCM(key).encrypt(nonce, data, None)
+    return base64.b64encode(ct).decode(), base64.b64encode(nonce).decode()
+
+
+def decrypt_bytes(ciphertext_b64: str, nonce_b64: str, key: bytes) -> bytes:
+    """Decrypt returning raw bytes — used by the compressed-paste path."""
+    ct = base64.b64decode(ciphertext_b64)
+    nonce = base64.b64decode(nonce_b64)
+    return AESGCM(key).decrypt(nonce, ct, None)
+
+
+def decrypt(ciphertext_b64: str, nonce_b64: str, key: bytes) -> str:
+    return decrypt_bytes(ciphertext_b64, nonce_b64, key).decode()
+
+
+def derive_key(password: str, salt_b64: str) -> bytes:
+    """PBKDF2-SHA256 at 600k iterations — the historical default."""
+    salt = base64.b64decode(salt_b64)
+    kdf = PBKDF2HMAC(
+        algorithm=_hashes.SHA256(), length=32, salt=salt, iterations=_PBKDF2_ITERATIONS
+    )
+    return kdf.derive(password.encode())
+
+
+def derive_key_argon2id(password: str, salt_b64: str) -> bytes:
+    """Argon2id with OWASP minimum params (m=19 MiB, t=2, p=1)."""
+    if not _ARGON2_OK:
+        print(
+            "Error: 'argon2-cffi' package required for --kdf argon2id. "
+            "Run: pip install argon2-cffi",
+            file=sys.stderr,
+        )
+        sys.exit(1)
+    salt = base64.b64decode(salt_b64)
+    return _argon2_hash(
+        secret=password.encode(),
+        salt=salt,
+        time_cost=_ARGON2_TIME_COST,
+        memory_cost=_ARGON2_MEMORY_KIB,
+        parallelism=_ARGON2_PARALLELISM,
+        hash_len=32,
+        type=_Argon2Type.ID,
+    )
+
+
+def derive_key_for(kdf: str, password: str, salt_b64: str) -> bytes:
+    """Dispatch to the right KDF based on the protocol's kdf field."""
+    if kdf == "pbkdf2-sha256":
+        return derive_key(password, salt_b64)
+    if kdf == "argon2id":
+        return derive_key_argon2id(password, salt_b64)
+    raise ValueError(f"unsupported kdf {kdf!r}")
+
+
+def key_to_fragment(key: bytes) -> str:
+    return base64.urlsafe_b64encode(key).rstrip(b"=").decode()

{ghostbit_cli-1.3.0 → ghostbit_cli-1.5.0}/ghostbit_cli.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: ghostbit-cli
-Version: 1.3.0
+Version: 1.5.0
 Summary: Ghostbit CLI — create end-to-end encrypted pastes from the terminal
 License-Expression: MIT
 Project-URL: Homepage, https://github.com/stackopshq/ghostbit

{ghostbit_cli-1.3.0 → ghostbit_cli-1.5.0}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "ghostbit-cli"
-version = "1.3.0"
+version = "1.5.0"
 description = "Ghostbit CLI — create end-to-end encrypted pastes from the terminal"
 readme = "README.md"
 license = "MIT"

ghostbit_cli-1.3.0/_crypto.py

@@ -1,67 +0,0 @@
-"""Client-side crypto — mirrors the browser's static/e2e.js behaviour.
-
-Any parameter change here (PBKDF2 iterations, AES mode, nonce length,
-salt length) must be reflected in static/e2e.js and in the app/api.py
-validators, or pastes created by one side will be unreadable by the
-other. See tests/test_cli_crypto.py for the contract.
-"""
-
-from __future__ import annotations
-
-import base64
-import os
-import sys
-
-try:
-    from cryptography.hazmat.primitives import hashes as _hashes
-    from cryptography.hazmat.primitives.ciphers.aead import AESGCM
-    from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
-
-    _CRYPTO_OK = True
-except ImportError:
-    _CRYPTO_OK = False
-
-_PBKDF2_ITERATIONS = 600_000
-
-
-def require_crypto() -> None:
-    """Abort with an actionable message if `cryptography` is missing."""
-    if not _CRYPTO_OK:
-        print(
-            "Error: 'cryptography' package required. Run: pip install cryptography",
-            file=sys.stderr,
-        )
-        sys.exit(1)
-
-
-def gen_key() -> bytes:
-    return os.urandom(32)
-
-
-def gen_salt() -> str:
-    return base64.b64encode(os.urandom(16)).decode()
-
-
-def encrypt(plaintext: str, key: bytes) -> tuple[str, str]:
-    nonce = os.urandom(12)
-    ct = AESGCM(key).encrypt(nonce, plaintext.encode(), None)
-    return base64.b64encode(ct).decode(), base64.b64encode(nonce).decode()
-
-
-def decrypt(ciphertext_b64: str, nonce_b64: str, key: bytes) -> str:
-    ct = base64.b64decode(ciphertext_b64)
-    nonce = base64.b64decode(nonce_b64)
-    pt = AESGCM(key).decrypt(nonce, ct, None)
-    return pt.decode()
-
-
-def derive_key(password: str, salt_b64: str) -> bytes:
-    salt = base64.b64decode(salt_b64)
-    kdf = PBKDF2HMAC(
-        algorithm=_hashes.SHA256(), length=32, salt=salt, iterations=_PBKDF2_ITERATIONS
-    )
-    return kdf.derive(password.encode())
-
-
-def key_to_fragment(key: bytes) -> str:
-    return base64.urlsafe_b64encode(key).rstrip(b"=").decode()