sshbox: encrypt and decrypt files using OpenSSH keys. sshbox is a utility to encrypt and decrypt files using OpenSSH keys. The files may be PEM-encoded (ASCII-armoured) or DER-encoded (a binary format). Public keys may be fetched over HTTP(S); however, private keys must be local. sshbox uses cryptobox[1] as the underlying cryptographic system. It uses the sshkey[2] package to load the keys. The utility is designed for encryption smaller files (under 128M), as the file is read into memory. Password-protected keys are now supported, as are both ECDSA and RSA keys. Usage: sshbox [-ade] [-k key] source target -a=false: ASCII armour the box -d=false: decrypt file -e=false: encrypt file -k="": SSH key file -s="": SSH private key for signing -v="": SSH public for signature verification Installation: $ go get github.com/gokyle/sshbox $ go install github.com/gokyle/sshbox Signatures: Signature support is standing by, but uses RSASSA-PSS, which is not present as of Go 1.1.1, but it is in tip. Due to the fact that most users are not likely to be running tip, I've decided to wait to add this in until later. Once RSASSA-PSS support hits a distribution, I will merge this into master. License: sshbox is released under the ISC license. See the LICENSE file for the full test of the license. [1] http://cryptobox.tyrfingr.is/ [2] https://github.com/gokyle/sshkey/