rtty-soda 0.2.2__tar.gz → 0.2.4__tar.gz

{rtty_soda-0.2.2 → rtty_soda-0.2.4}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: rtty-soda
-Version: 0.2.2
+Version: 0.2.4
 Summary: A CLI tool for Unix-like environments to encrypt a RTTY session using NaCl
 Keywords: cli,encryption,libsodium,nacl,rtty
 Author: Theo Saveliev
@@ -57,8 +57,8 @@ A CLI tool for Unix-like environments to encrypt a RTTY session using NaCl.
 #### Docker
 
 ```
-% docker run -it --rm -h rtty-soda -v .:/app/host nett/rtty-soda:0.2.2
-% docker run -it --rm -h rtty-soda -v .:/app/host nett/rtty-soda:0.2.2-tools
+% docker run -it --rm -h rtty-soda -v .:/app/host nett/rtty-soda:0.2.4
+% docker run -it --rm -h rtty-soda -v .:/app/host nett/rtty-soda:0.2.4-tools
 ```
 
 
@@ -165,24 +165,6 @@ A telegraph key is a specialized electrical switch used by a trained operator to
 transmit text messages in Morse code in a telegraphy system.
 The first telegraph key was invented by Alfred Vail, an associate of Samuel Morse.
 (c) Wikipedia
-
-% soda decrypt-public -h
-Usage: soda decrypt-public [OPTIONS] PRIVATE_KEY_FILE PUBLIC_KEY_FILE
-                           MESSAGE_FILE
-
-  Decrypt Message (Public).
-
-  Encoding: base26 | base31 | base36 | base64 | base94 | binary
-
-  Compression: zstd | zlib | bz2 | lzma | raw
-
-Options:
-  --key-encoding TEXT       [default: base64]
-  -e, --data-encoding TEXT  [default: base64]
-  -c, --compression TEXT    [default: zstd]
-  -o, --output-file FILE    Write output to file.
-  -v, --verbose             Show verbose output.
-  -h, --help                Show this message and exit.
 ```
 
 
@@ -194,26 +176,6 @@ Alice and Bob share a key for symmetric encryption:
 % soda genkey > shared
 % soda encrypt-secret shared message -o encrypted
 % soda decrypt-secret shared encrypted -o message
-
-% soda encrypt-secret -h
-Usage: soda encrypt-secret [OPTIONS] KEY_FILE MESSAGE_FILE
-
-  Encrypt Message (Secret).
-
-  Encoding: base26 | base31 | base36 | base64 | base94 | binary
-
-  Compression: zstd | zlib | bz2 | lzma | raw
-
-Options:
-  --key-encoding TEXT       [default: base64]
-  -e, --data-encoding TEXT  [default: base64]
-  -c, --compression TEXT    [default: zstd]
-  -o, --output-file FILE    Write output to file.
-  --group-len INTEGER       [default: 0]
-  --line-len INTEGER        [default: 80]
-  --padding INTEGER         [default: 0]
-  -v, --verbose             Show verbose output.
-  -h, --help                Show this message and exit.
 ```
 
 Another day, they share a password:
@@ -221,28 +183,6 @@ Another day, they share a password:
 ```
 % echo qwerty | soda encrypt-password - message -p interactive -o encrypted
 % echo qwerty | soda decrypt-password - encrypted -p interactive -o message
-
-% soda encrypt-password -h
-Usage: soda encrypt-password [OPTIONS] PASSWORD_FILE MESSAGE_FILE
-
-  Encrypt Message (Password).
-
-  KDF profile: interactive | moderate | sensitive
-
-  Encoding: base26 | base31 | base36 | base64 | base94 | binary
-
-  Compression: zstd | zlib | bz2 | lzma | raw
-
-Options:
-  -p, --kdf-profile TEXT    [default: sensitive]
-  -e, --data-encoding TEXT  [default: base64]
-  -c, --compression TEXT    [default: zstd]
-  -o, --output-file FILE    Write output to file.
-  --group-len INTEGER       [default: 0]
-  --line-len INTEGER        [default: 80]
-  --padding INTEGER         [default: 0]
-  -v, --verbose             Show verbose output.
-  -h, --help                Show this message and exit.
 ```
 
 
@@ -318,18 +258,58 @@ The rtty-soda supports various encodings:
 
 ```
 % soda encrypt-public alice bob_pub message --data-encoding base36 --group-len 5 --verbose
-D0MQT LF0K5 N997D JJXZ9 K85DJ DCEIF 3I2BN GCYOG KN02L 5TPKE 4UV25 AKD0R O9BKS
-6Y40L T2NET GQKXA B4C4X 6J88W N4HZK 5ACFE 8JWTC UZJBH LRXPE CJLL5 N8L2I BX2NS
-D9LYW H6EAT 1J2OA IHZC3 8L2JM 6XLS9 5M6Y2 E9FLU GHDVB WZWK7 WC2RQ OLQH6 OT725
-706MK ZSU6O V6PWA UHOTM XVFSK HE3OO M4E51 4R00I U3YL8 FJXFQ PZLM8 WYO6Z 50G5Q
-SM6BH GT1T7 ZBSDB 8COJ6 7DXCF K7T36 RSU06 6R9AS J7TEA D9BT7 Q8BCG D4YX
+9URCN ARRN8 MSE7G G9980 37D8S 568QP 16AZW TOHAI KYP5W VAK7R VZ6YO GZ38A QOIP7
+60P2E GWWOG DSHDD EG2TZ 7PSZM 7FKBX 50TAD RHS2E VM063 N297Y 753BP TLUX0 9K8BD
+DZF8O 7TPUG MJV4R T2C92 HU1G8 KGJCN URU1F 9COP9 EFLZO BSL2V 171DS 2HKPE JY2GY
+V86IT T0HBR 9B08H M9R2V IEM7A R91IF UWQYM ZV4JN 7YU3K ILPJY E8OMA NWQC5 Q6BG7
+PXM4I 9UU9E J9IRU HSZ41 RPZQG XTDC6 E5NMS B4HBQ 7QRI2 RRUYH HSHGQ 7USN
 Plaintext: 239
-Ciphertext: 382
-Overhead: 1.598
+Ciphertext: 319
+Overhead: 1.335
 Groups: 64
 ```
 
 
+## Environment variables
+
+Common options can be set in the environment variables:
+
+```
+% cat .env 
+KEY_ENCODING=base26
+DATA_ENCODING=base26
+COMPRESSION=bz2
+KDF_PROFILE=moderate
+VERBOSE=1
+GROUP_LEN=5
+LINE_LEN=80
+PADDING=1
+
+% set -a
+% source .env
+```
+
+
+## Alternative usage
+
+- Password source
+  ```
+  % echo 'A line from a book or a poem' | soda kdf - -e base94           
+  wN/K.@3Q#]Czn4kk3(negX=R|*xvvPQmk'XW$-s
+  ```
+
+- WireGuard keyer
+  ```
+  % echo 'A line from a book or a poem' | soda kdf - -o privkey
+  % cat privkey 
+  thyA4dlQgg93+rQj/evBbBymw82GTwQCh3RJ0I6GOsY=
+  % soda pubkey privkey 
+  ruIUMqbUtyqRVSIBLSGI7AOruE2DLWgTe9o+h7Yktkw=
+  % cat privkey | wg pubkey 
+  ruIUMqbUtyqRVSIBLSGI7AOruE2DLWgTe9o+h7Yktkw=
+  ```
+
+
 ## Compatibility
 
 During the initial development (versions prior to 1.0.0),

{rtty_soda-0.2.2 → rtty_soda-0.2.4}/README.md

@@ -34,8 +34,8 @@ A CLI tool for Unix-like environments to encrypt a RTTY session using NaCl.
 #### Docker
 
 ```
-% docker run -it --rm -h rtty-soda -v .:/app/host nett/rtty-soda:0.2.2
-% docker run -it --rm -h rtty-soda -v .:/app/host nett/rtty-soda:0.2.2-tools
+% docker run -it --rm -h rtty-soda -v .:/app/host nett/rtty-soda:0.2.4
+% docker run -it --rm -h rtty-soda -v .:/app/host nett/rtty-soda:0.2.4-tools
 ```
 
 
@@ -142,24 +142,6 @@ A telegraph key is a specialized electrical switch used by a trained operator to
 transmit text messages in Morse code in a telegraphy system.
 The first telegraph key was invented by Alfred Vail, an associate of Samuel Morse.
 (c) Wikipedia
-
-% soda decrypt-public -h
-Usage: soda decrypt-public [OPTIONS] PRIVATE_KEY_FILE PUBLIC_KEY_FILE
-                           MESSAGE_FILE
-
-  Decrypt Message (Public).
-
-  Encoding: base26 | base31 | base36 | base64 | base94 | binary
-
-  Compression: zstd | zlib | bz2 | lzma | raw
-
-Options:
-  --key-encoding TEXT       [default: base64]
-  -e, --data-encoding TEXT  [default: base64]
-  -c, --compression TEXT    [default: zstd]
-  -o, --output-file FILE    Write output to file.
-  -v, --verbose             Show verbose output.
-  -h, --help                Show this message and exit.
 ```
 
 
@@ -171,26 +153,6 @@ Alice and Bob share a key for symmetric encryption:
 % soda genkey > shared
 % soda encrypt-secret shared message -o encrypted
 % soda decrypt-secret shared encrypted -o message
-
-% soda encrypt-secret -h
-Usage: soda encrypt-secret [OPTIONS] KEY_FILE MESSAGE_FILE
-
-  Encrypt Message (Secret).
-
-  Encoding: base26 | base31 | base36 | base64 | base94 | binary
-
-  Compression: zstd | zlib | bz2 | lzma | raw
-
-Options:
-  --key-encoding TEXT       [default: base64]
-  -e, --data-encoding TEXT  [default: base64]
-  -c, --compression TEXT    [default: zstd]
-  -o, --output-file FILE    Write output to file.
-  --group-len INTEGER       [default: 0]
-  --line-len INTEGER        [default: 80]
-  --padding INTEGER         [default: 0]
-  -v, --verbose             Show verbose output.
-  -h, --help                Show this message and exit.
 ```
 
 Another day, they share a password:
@@ -198,28 +160,6 @@ Another day, they share a password:
 ```
 % echo qwerty | soda encrypt-password - message -p interactive -o encrypted
 % echo qwerty | soda decrypt-password - encrypted -p interactive -o message
-
-% soda encrypt-password -h
-Usage: soda encrypt-password [OPTIONS] PASSWORD_FILE MESSAGE_FILE
-
-  Encrypt Message (Password).
-
-  KDF profile: interactive | moderate | sensitive
-
-  Encoding: base26 | base31 | base36 | base64 | base94 | binary
-
-  Compression: zstd | zlib | bz2 | lzma | raw
-
-Options:
-  -p, --kdf-profile TEXT    [default: sensitive]
-  -e, --data-encoding TEXT  [default: base64]
-  -c, --compression TEXT    [default: zstd]
-  -o, --output-file FILE    Write output to file.
-  --group-len INTEGER       [default: 0]
-  --line-len INTEGER        [default: 80]
-  --padding INTEGER         [default: 0]
-  -v, --verbose             Show verbose output.
-  -h, --help                Show this message and exit.
 ```
 
 
@@ -295,18 +235,58 @@ The rtty-soda supports various encodings:
 
 ```
 % soda encrypt-public alice bob_pub message --data-encoding base36 --group-len 5 --verbose
-D0MQT LF0K5 N997D JJXZ9 K85DJ DCEIF 3I2BN GCYOG KN02L 5TPKE 4UV25 AKD0R O9BKS
-6Y40L T2NET GQKXA B4C4X 6J88W N4HZK 5ACFE 8JWTC UZJBH LRXPE CJLL5 N8L2I BX2NS
-D9LYW H6EAT 1J2OA IHZC3 8L2JM 6XLS9 5M6Y2 E9FLU GHDVB WZWK7 WC2RQ OLQH6 OT725
-706MK ZSU6O V6PWA UHOTM XVFSK HE3OO M4E51 4R00I U3YL8 FJXFQ PZLM8 WYO6Z 50G5Q
-SM6BH GT1T7 ZBSDB 8COJ6 7DXCF K7T36 RSU06 6R9AS J7TEA D9BT7 Q8BCG D4YX
+9URCN ARRN8 MSE7G G9980 37D8S 568QP 16AZW TOHAI KYP5W VAK7R VZ6YO GZ38A QOIP7
+60P2E GWWOG DSHDD EG2TZ 7PSZM 7FKBX 50TAD RHS2E VM063 N297Y 753BP TLUX0 9K8BD
+DZF8O 7TPUG MJV4R T2C92 HU1G8 KGJCN URU1F 9COP9 EFLZO BSL2V 171DS 2HKPE JY2GY
+V86IT T0HBR 9B08H M9R2V IEM7A R91IF UWQYM ZV4JN 7YU3K ILPJY E8OMA NWQC5 Q6BG7
+PXM4I 9UU9E J9IRU HSZ41 RPZQG XTDC6 E5NMS B4HBQ 7QRI2 RRUYH HSHGQ 7USN
 Plaintext: 239
-Ciphertext: 382
-Overhead: 1.598
+Ciphertext: 319
+Overhead: 1.335
 Groups: 64
 ```
 
 
+## Environment variables
+
+Common options can be set in the environment variables:
+
+```
+% cat .env 
+KEY_ENCODING=base26
+DATA_ENCODING=base26
+COMPRESSION=bz2
+KDF_PROFILE=moderate
+VERBOSE=1
+GROUP_LEN=5
+LINE_LEN=80
+PADDING=1
+
+% set -a
+% source .env
+```
+
+
+## Alternative usage
+
+- Password source
+  ```
+  % echo 'A line from a book or a poem' | soda kdf - -e base94           
+  wN/K.@3Q#]Czn4kk3(negX=R|*xvvPQmk'XW$-s
+  ```
+
+- WireGuard keyer
+  ```
+  % echo 'A line from a book or a poem' | soda kdf - -o privkey
+  % cat privkey 
+  thyA4dlQgg93+rQj/evBbBymw82GTwQCh3RJ0I6GOsY=
+  % soda pubkey privkey 
+  ruIUMqbUtyqRVSIBLSGI7AOruE2DLWgTe9o+h7Yktkw=
+  % cat privkey | wg pubkey 
+  ruIUMqbUtyqRVSIBLSGI7AOruE2DLWgTe9o+h7Yktkw=
+  ```
+
+
 ## Compatibility
 
 During the initial development (versions prior to 1.0.0),

{rtty_soda-0.2.2 → rtty_soda-0.2.4}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "rtty-soda"
-version = "0.2.2"
+version = "0.2.4"
 description = "A CLI tool for Unix-like environments to encrypt a RTTY session using NaCl"
 readme = "README.md"
 license = { text = "MIT" }
@@ -94,8 +94,8 @@ docker = ["docker-build", "docker-push"]
 shell = """
     IMAGE_TAG=nett/rtty-soda:$(uv version --short)
     PLATFORM=linux/amd64,linux/arm64/v8
-    docker build --tag ${IMAGE_TAG} --platform ${PLATFORM} --file Dockerfile --no-cache .
-    docker build --tag ${IMAGE_TAG}-tools --platform ${PLATFORM} --file Dockerfile-tools --no-cache .
+    docker build --tag ${IMAGE_TAG} --platform ${PLATFORM} --file docker/Dockerfile --no-cache docker
+    docker build --tag ${IMAGE_TAG}-tools --platform ${PLATFORM} --file docker/Dockerfile-tools --no-cache docker
 """
 
 [tool.poe.tasks.docker-push]

{rtty_soda-0.2.2 → rtty_soda-0.2.4}/src/rtty_soda/cli_io.py

@@ -1,7 +1,7 @@
 import random
 import re
 import string
-from typing import TYPE_CHECKING, TextIO, cast
+from typing import TYPE_CHECKING, BinaryIO, TextIO, cast
 
 if TYPE_CHECKING:
     from pathlib import Path
@@ -15,6 +15,7 @@ __all__ = [
     "pad_newlines",
     "print_stats",
     "read_bytes",
+    "read_ciphertext_bytes",
     "read_encoded_stripped",
     "read_key_bytes",
     "read_password_bytes",
@@ -31,6 +32,11 @@ def read_str(source: Path) -> str:
         return cast("TextIO", fd).read()
 
 
+def read_bytes(source: Path) -> bytes:
+    with click.open_file(source, mode="rb") as fd:
+        return cast("BinaryIO", fd).read()
+
+
 def remove_whitespace(data: str) -> str:
     return re.sub(r"\s", "", data)
 
@@ -41,15 +47,15 @@ def read_encoded_stripped(source: Path) -> bytes:
     return encode_str(data)
 
 
-def read_bytes(source: Path, encoder: Encoder) -> bytes:
+def read_ciphertext_bytes(source: Path, encoder: Encoder) -> bytes:
     if encoder.is_binary:
-        return source.read_bytes()
+        return read_bytes(source)
 
     return read_encoded_stripped(source)
 
 
 def read_key_bytes(source: Path, encoder: Encoder) -> bytes:
-    key = read_bytes(source, encoder)
+    key = read_ciphertext_bytes(source, encoder)
     return encoder.decode(key)
 
 
@@ -106,8 +112,8 @@ def write_output(target: Path | None, data: bytes) -> None:
         write_bytes_atomic(target, data)
 
 
-def print_stats(plaintext: bytes, ciphertext: bytes) -> None:
-    click.echo(f"Plaintext: {len(plaintext)}", err=True)
-    click.echo(f"Ciphertext: {len(ciphertext)}", err=True)
-    overhead = len(ciphertext) / len(plaintext)
+def print_stats(plaintext: int, ciphertext: int) -> None:
+    click.echo(f"Plaintext: {plaintext}", err=True)
+    click.echo(f"Ciphertext: {ciphertext}", err=True)
+    overhead = ciphertext / plaintext
     click.echo(f"Overhead: {overhead:.3f}", err=True)

{rtty_soda-0.2.2 → rtty_soda-0.2.4}/src/rtty_soda/main.py

@@ -9,6 +9,7 @@ from rtty_soda.cli_io import (
     format_output,
     print_stats,
     read_bytes,
+    read_ciphertext_bytes,
     read_key_bytes,
     read_password_bytes,
     write_output,
@@ -40,12 +41,16 @@ def cli() -> None:
 
 
 @cli.command()  # pyright: ignore[reportAny]
-@click.option("--encoding", "-e", default="base64", show_default=True)
+@click.option(
+    "--encoding", "-e", default="base64", show_default=True, envvar="KEY_ENCODING"
+)
 @click.option("--output-file", "-o", type=out_path, help="Write output to file.")
-@click.option("--group-len", default=0, show_default=True)
-@click.option("--line-len", default=80, show_default=True)
-@click.option("--padding", default=0, show_default=True)
-@click.option("--verbose", "-v", is_flag=True, help="Show verbose output.")
+@click.option("--group-len", default=0, show_default=True, envvar="GROUP_LEN")
+@click.option("--line-len", default=80, show_default=True, envvar="LINE_LEN")
+@click.option("--padding", default=0, show_default=True, envvar="PADDING")
+@click.option(
+    "--verbose", "-v", is_flag=True, envvar="VERBOSE", help="Show verbose output."
+)
 def genkey_cmd(
     encoding: str,
     output_file: Path | None,
@@ -63,10 +68,10 @@ def genkey_cmd(
     key = bytes(PrivateKey.generate())
     key = enc.encode(key)
 
-    key, groups = format_output(
+    formatted, groups = format_output(
         data=key, encoder=enc, group_len=group_len, line_len=line_len, padding=padding
     )
-    write_output(target=output_file, data=key)
+    write_output(target=output_file, data=formatted)
 
     if verbose:
         click.echo(f"Groups: {groups}", err=True)
@@ -74,12 +79,16 @@ def genkey_cmd(
 
 @cli.command()  # pyright: ignore[reportAny]
 @click.argument("private_key_file", type=in_path)
-@click.option("--encoding", "-e", default="base64", show_default=True)
+@click.option(
+    "--encoding", "-e", default="base64", show_default=True, envvar="KEY_ENCODING"
+)
 @click.option("--output-file", "-o", type=out_path, help="Write output to file.")
-@click.option("--group-len", default=0, show_default=True)
-@click.option("--line-len", default=80, show_default=True)
-@click.option("--padding", default=0, show_default=True)
-@click.option("--verbose", "-v", is_flag=True, help="Show verbose output.")
+@click.option("--group-len", default=0, show_default=True, envvar="GROUP_LEN")
+@click.option("--line-len", default=80, show_default=True, envvar="LINE_LEN")
+@click.option("--padding", default=0, show_default=True, envvar="PADDING")
+@click.option(
+    "--verbose", "-v", is_flag=True, envvar="VERBOSE", help="Show verbose output."
+)
 def pubkey_cmd(
     private_key_file: Path,
     encoding: str,
@@ -100,10 +109,10 @@ def pubkey_cmd(
     pub = bytes(priv.public_key)
     pub = enc.encode(pub)
 
-    pub, groups = format_output(
+    formatted, groups = format_output(
         data=pub, encoder=enc, group_len=group_len, line_len=line_len, padding=padding
     )
-    write_output(target=output_file, data=pub)
+    write_output(target=output_file, data=formatted)
 
     if verbose:
         click.echo(f"Groups: {groups}", err=True)
@@ -111,13 +120,19 @@ def pubkey_cmd(
 
 @cli.command()  # pyright: ignore[reportAny]
 @click.argument("password_file", type=in_path)
-@click.option("--encoding", "-e", default="base64", show_default=True)
-@click.option("--profile", "-p", default="sensitive", show_default=True)
+@click.option(
+    "--encoding", "-e", default="base64", show_default=True, envvar="KEY_ENCODING"
+)
+@click.option(
+    "--profile", "-p", default="sensitive", show_default=True, envvar="KDF_PROFILE"
+)
 @click.option("--output-file", "-o", type=out_path, help="Write output to file.")
-@click.option("--group-len", default=0, show_default=True)
-@click.option("--line-len", default=80, show_default=True)
-@click.option("--padding", default=0, show_default=True)
-@click.option("--verbose", "-v", is_flag=True, help="Show verbose output.")
+@click.option("--group-len", default=0, show_default=True, envvar="GROUP_LEN")
+@click.option("--line-len", default=80, show_default=True, envvar="LINE_LEN")
+@click.option("--padding", default=0, show_default=True, envvar="PADDING")
+@click.option(
+    "--verbose", "-v", is_flag=True, envvar="VERBOSE", help="Show verbose output."
+)
 def kdf_cmd(
     password_file: Path,
     encoding: str,
@@ -141,10 +156,10 @@ def kdf_cmd(
     key = kdf(password=pw, profile=prof)
     key = enc.encode(key)
 
-    key, groups = format_output(
+    formatted, groups = format_output(
         data=key, encoder=enc, group_len=group_len, line_len=line_len, padding=padding
     )
-    write_output(target=output_file, data=key)
+    write_output(target=output_file, data=formatted)
 
     if verbose:
         click.echo(f"Groups: {groups}", err=True)
@@ -154,14 +169,22 @@ def kdf_cmd(
 @click.argument("private_key_file", type=in_path)
 @click.argument("public_key_file", type=in_path)
 @click.argument("message_file", type=in_path)
-@click.option("--key-encoding", default="base64", show_default=True)
-@click.option("--data-encoding", "-e", default="base64", show_default=True)
-@click.option("--compression", "-c", default="zstd", show_default=True)
+@click.option(
+    "--key-encoding", default="base64", show_default=True, envvar="KEY_ENCODING"
+)
+@click.option(
+    "--data-encoding", "-e", default="base64", show_default=True, envvar="DATA_ENCODING"
+)
+@click.option(
+    "--compression", "-c", default="zstd", show_default=True, envvar="COMPRESSION"
+)
 @click.option("--output-file", "-o", type=out_path, help="Write output to file.")
-@click.option("--group-len", default=0, show_default=True)
-@click.option("--line-len", default=80, show_default=True)
-@click.option("--padding", default=0, show_default=True)
-@click.option("--verbose", "-v", is_flag=True, help="Show verbose output.")
+@click.option("--group-len", default=0, show_default=True, envvar="GROUP_LEN")
+@click.option("--line-len", default=80, show_default=True, envvar="LINE_LEN")
+@click.option("--padding", default=0, show_default=True, envvar="PADDING")
+@click.option(
+    "--verbose", "-v", is_flag=True, envvar="VERBOSE", help="Show verbose output."
+)
 def encrypt_public_cmd(
     private_key_file: Path,
     public_key_file: Path,
@@ -189,36 +212,44 @@ def encrypt_public_cmd(
     priv = PrivateKey(private_key=priv)
     pub = read_key_bytes(source=public_key_file, encoder=key_enc)
     pub = PublicKey(public_key=pub)
-    data = stats = message_file.read_bytes()
-    data = archiver(data)
+    plaintext = read_bytes(message_file)
+    data = archiver(plaintext)
     data = public.encrypt(private=priv, public=pub, data=data)
-    data = data_enc.encode(data)
+    ciphertext = data_enc.encode(data)
 
-    data, groups = format_output(
-        data=data,
+    formatted, groups = format_output(
+        data=ciphertext,
         encoder=data_enc,
         group_len=group_len,
         line_len=line_len,
         padding=padding,
     )
-    write_output(target=output_file, data=data)
+    write_output(target=output_file, data=formatted)
 
     if verbose:
-        print_stats(plaintext=stats, ciphertext=data)
+        print_stats(len(plaintext), len(ciphertext))
         click.echo(f"Groups: {groups}", err=True)
 
 
 @cli.command(aliases=["es"])  # pyright: ignore[reportAny]
 @click.argument("key_file", type=in_path)
 @click.argument("message_file", type=in_path)
-@click.option("--key-encoding", default="base64", show_default=True)
-@click.option("--data-encoding", "-e", default="base64", show_default=True)
-@click.option("--compression", "-c", default="zstd", show_default=True)
+@click.option(
+    "--key-encoding", default="base64", show_default=True, envvar="KEY_ENCODING"
+)
+@click.option(
+    "--data-encoding", "-e", default="base64", show_default=True, envvar="DATA_ENCODING"
+)
+@click.option(
+    "--compression", "-c", default="zstd", show_default=True, envvar="COMPRESSION"
+)
 @click.option("--output-file", "-o", type=out_path, help="Write output to file.")
-@click.option("--group-len", default=0, show_default=True)
-@click.option("--line-len", default=80, show_default=True)
-@click.option("--padding", default=0, show_default=True)
-@click.option("--verbose", "-v", is_flag=True, help="Show verbose output.")
+@click.option("--group-len", default=0, show_default=True, envvar="GROUP_LEN")
+@click.option("--line-len", default=80, show_default=True, envvar="LINE_LEN")
+@click.option("--padding", default=0, show_default=True, envvar="PADDING")
+@click.option(
+    "--verbose", "-v", is_flag=True, envvar="VERBOSE", help="Show verbose output."
+)
 def encrypt_secret_cmd(
     key_file: Path,
     message_file: Path,
@@ -242,36 +273,44 @@ def encrypt_secret_cmd(
     archiver = ARCHIVERS[compression]
 
     key = read_key_bytes(source=key_file, encoder=key_enc)
-    data = stats = message_file.read_bytes()
-    data = archiver(data)
+    plaintext = read_bytes(message_file)
+    data = archiver(plaintext)
     data = secret.encrypt(key=key, data=data)
-    data = data_enc.encode(data)
+    ciphertext = data_enc.encode(data)
 
-    data, groups = format_output(
-        data=data,
+    formatted, groups = format_output(
+        data=ciphertext,
         encoder=data_enc,
         group_len=group_len,
         line_len=line_len,
         padding=padding,
     )
-    write_output(target=output_file, data=data)
+    write_output(target=output_file, data=formatted)
 
     if verbose:
-        print_stats(plaintext=stats, ciphertext=data)
+        print_stats(len(plaintext), len(ciphertext))
         click.echo(f"Groups: {groups}", err=True)
 
 
 @cli.command(aliases=["ep"])  # pyright: ignore[reportAny]
 @click.argument("password_file", type=in_path)
 @click.argument("message_file", type=in_path)
-@click.option("--kdf-profile", "-p", default="sensitive", show_default=True)
-@click.option("--data-encoding", "-e", default="base64", show_default=True)
-@click.option("--compression", "-c", default="zstd", show_default=True)
+@click.option(
+    "--kdf-profile", "-p", default="sensitive", show_default=True, envvar="KDF_PROFILE"
+)
+@click.option(
+    "--data-encoding", "-e", default="base64", show_default=True, envvar="DATA_ENCODING"
+)
+@click.option(
+    "--compression", "-c", default="zstd", show_default=True, envvar="COMPRESSION"
+)
 @click.option("--output-file", "-o", type=out_path, help="Write output to file.")
-@click.option("--group-len", default=0, show_default=True)
-@click.option("--line-len", default=80, show_default=True)
-@click.option("--padding", default=0, show_default=True)
-@click.option("--verbose", "-v", is_flag=True, help="Show verbose output.")
+@click.option("--group-len", default=0, show_default=True, envvar="GROUP_LEN")
+@click.option("--line-len", default=80, show_default=True, envvar="LINE_LEN")
+@click.option("--padding", default=0, show_default=True, envvar="PADDING")
+@click.option(
+    "--verbose", "-v", is_flag=True, envvar="VERBOSE", help="Show verbose output."
+)
 def encrypt_password_cmd(
     password_file: Path,
     message_file: Path,
@@ -298,22 +337,22 @@ def encrypt_password_cmd(
 
     pw = read_password_bytes(password_file)
     key = kdf(password=pw, profile=prof)
-    data = stats = message_file.read_bytes()
-    data = archiver(data)
+    plaintext = read_bytes(message_file)
+    data = archiver(plaintext)
     data = secret.encrypt(key=key, data=data)
-    data = data_enc.encode(data)
+    ciphertext = data_enc.encode(data)
 
-    data, groups = format_output(
-        data=data,
+    formatted, groups = format_output(
+        data=ciphertext,
         encoder=data_enc,
         group_len=group_len,
         line_len=line_len,
         padding=padding,
     )
-    write_output(target=output_file, data=data)
+    write_output(target=output_file, data=formatted)
 
     if verbose:
-        print_stats(plaintext=stats, ciphertext=data)
+        print_stats(len(plaintext), len(ciphertext))
         click.echo(f"Groups: {groups}", err=True)
 
 
@@ -321,11 +360,19 @@ def encrypt_password_cmd(
 @click.argument("private_key_file", type=in_path)
 @click.argument("public_key_file", type=in_path)
 @click.argument("message_file", type=in_path)
-@click.option("--key-encoding", default="base64", show_default=True)
-@click.option("--data-encoding", "-e", default="base64", show_default=True)
-@click.option("--compression", "-c", default="zstd", show_default=True)
+@click.option(
+    "--key-encoding", default="base64", show_default=True, envvar="KEY_ENCODING"
+)
+@click.option(
+    "--data-encoding", "-e", default="base64", show_default=True, envvar="DATA_ENCODING"
+)
+@click.option(
+    "--compression", "-c", default="zstd", show_default=True, envvar="COMPRESSION"
+)
 @click.option("--output-file", "-o", type=out_path, help="Write output to file.")
-@click.option("--verbose", "-v", is_flag=True, help="Show verbose output.")
+@click.option(
+    "--verbose", "-v", is_flag=True, envvar="VERBOSE", help="Show verbose output."
+)
 def decrypt_public_cmd(
     private_key_file: Path,
     public_key_file: Path,
@@ -350,25 +397,33 @@ def decrypt_public_cmd(
     priv = PrivateKey(private_key=priv)
     pub = read_key_bytes(source=public_key_file, encoder=key_enc)
     pub = PublicKey(public_key=pub)
-    data = stats = read_bytes(source=message_file, encoder=data_enc)
-    data = data_enc.decode(data)
+    ciphertext = read_ciphertext_bytes(source=message_file, encoder=data_enc)
+    data = data_enc.decode(ciphertext)
     data = public.decrypt(private=priv, public=pub, data=data)
-    data = unarchiver(data)
+    plaintext = unarchiver(data)
 
-    write_output(target=output_file, data=data)
+    write_output(target=output_file, data=plaintext)
 
     if verbose:
-        print_stats(plaintext=data, ciphertext=stats)
+        print_stats(len(plaintext), len(ciphertext))
 
 
 @cli.command(aliases=["ds"])  # pyright: ignore[reportAny]
 @click.argument("key_file", type=in_path)
 @click.argument("message_file", type=in_path)
-@click.option("--key-encoding", default="base64", show_default=True)
-@click.option("--data-encoding", "-e", default="base64", show_default=True)
-@click.option("--compression", "-c", default="zstd", show_default=True)
+@click.option(
+    "--key-encoding", default="base64", show_default=True, envvar="KEY_ENCODING"
+)
+@click.option(
+    "--data-encoding", "-e", default="base64", show_default=True, envvar="DATA_ENCODING"
+)
+@click.option(
+    "--compression", "-c", default="zstd", show_default=True, envvar="COMPRESSION"
+)
 @click.option("--output-file", "-o", type=out_path, help="Write output to file.")
-@click.option("--verbose", "-v", is_flag=True, help="Show verbose output.")
+@click.option(
+    "--verbose", "-v", is_flag=True, envvar="VERBOSE", help="Show verbose output."
+)
 def decrypt_secret_cmd(
     key_file: Path,
     message_file: Path,
@@ -389,25 +444,33 @@ def decrypt_secret_cmd(
     unarchiver = UNARCHIVERS[compression]
 
     key = read_key_bytes(source=key_file, encoder=key_enc)
-    data = stats = read_bytes(source=message_file, encoder=data_enc)
-    data = data_enc.decode(data)
+    ciphertext = read_ciphertext_bytes(source=message_file, encoder=data_enc)
+    data = data_enc.decode(ciphertext)
     data = secret.decrypt(key=key, data=data)
-    data = unarchiver(data)
+    plaintext = unarchiver(data)
 
-    write_output(target=output_file, data=data)
+    write_output(target=output_file, data=plaintext)
 
     if verbose:
-        print_stats(plaintext=data, ciphertext=stats)
+        print_stats(len(plaintext), len(ciphertext))
 
 
 @cli.command(aliases=["dp"])  # pyright: ignore[reportAny]
 @click.argument("password_file", type=in_path)
 @click.argument("message_file", type=in_path)
-@click.option("--kdf-profile", "-p", default="sensitive", show_default=True)
-@click.option("--data-encoding", "-e", default="base64", show_default=True)
-@click.option("--compression", "-c", default="zstd", show_default=True)
+@click.option(
+    "--kdf-profile", "-p", default="sensitive", show_default=True, envvar="KDF_PROFILE"
+)
+@click.option(
+    "--data-encoding", "-e", default="base64", show_default=True, envvar="DATA_ENCODING"
+)
+@click.option(
+    "--compression", "-c", default="zstd", show_default=True, envvar="COMPRESSION"
+)
 @click.option("--output-file", "-o", type=out_path, help="Write output to file.")
-@click.option("--verbose", "-v", is_flag=True, help="Show verbose output.")
+@click.option(
+    "--verbose", "-v", is_flag=True, envvar="VERBOSE", help="Show verbose output."
+)
 def decrypt_password_cmd(
     password_file: Path,
     message_file: Path,
@@ -431,15 +494,15 @@ def decrypt_password_cmd(
 
     pw = read_password_bytes(password_file)
     key = kdf(password=pw, profile=prof)
-    data = stats = read_bytes(source=message_file, encoder=data_enc)
-    data = data_enc.decode(data)
+    ciphertext = read_ciphertext_bytes(source=message_file, encoder=data_enc)
+    data = data_enc.decode(ciphertext)
     data = secret.decrypt(key=key, data=data)
-    data = unarchiver(data)
+    plaintext = unarchiver(data)
 
-    write_output(target=output_file, data=data)
+    write_output(target=output_file, data=plaintext)
 
     if verbose:
-        print_stats(plaintext=data, ciphertext=stats)
+        print_stats(len(plaintext), len(ciphertext))
 
 
 @cli.command()  # pyright: ignore[reportAny]
@@ -447,10 +510,12 @@ def decrypt_password_cmd(
 @click.argument("out_encoding")
 @click.argument("file", type=in_path)
 @click.option("--output-file", "-o", type=out_path, help="Write output to file.")
-@click.option("--group-len", default=0, show_default=True)
-@click.option("--line-len", default=80, show_default=True)
-@click.option("--padding", default=0, show_default=True)
-@click.option("--verbose", "-v", is_flag=True, help="Show verbose output.")
+@click.option("--group-len", default=0, show_default=True, envvar="GROUP_LEN")
+@click.option("--line-len", default=80, show_default=True, envvar="LINE_LEN")
+@click.option("--padding", default=0, show_default=True, envvar="PADDING")
+@click.option(
+    "--verbose", "-v", is_flag=True, envvar="VERBOSE", help="Show verbose output."
+)
 def encode_cmd(
     in_encoding: str,
     out_encoding: str,
@@ -468,18 +533,18 @@ def encode_cmd(
     in_enc = ENCODERS[in_encoding]
     out_enc = ENCODERS[out_encoding]
 
-    data = read_bytes(source=file, encoder=in_enc)
+    data = read_ciphertext_bytes(source=file, encoder=in_enc)
     data = in_enc.decode(data)
     data = out_enc.encode(data)
 
-    data, groups = format_output(
+    formatted, groups = format_output(
         data=data,
         encoder=out_enc,
         group_len=group_len,
         line_len=line_len,
         padding=padding,
     )
-    write_output(target=output_file, data=data)
+    write_output(target=output_file, data=formatted)
 
     if verbose:
         click.echo(f"Groups: {groups}", err=True)