@@ -41,7 +41,7 @@ Below a sample screenshot. More screenshots [here](screenshots).
4141
4242![ screenshot] ( screenshots/screenshot_TrezorSymmetricFileEncryption_mainWindow6.version04b.png )
4343
44- # Build and runtime requirements
44+ # Runtime requirements
4545
4646 * Use of passphrases must have been already enabled on your [ Trezor] ( https://www.trezor.io ) device.
4747 * [ Trezor] ( https://www.trezor.io ) device
8686Run-time command line options are
8787
8888```
89- TrezorSymmetricFileEncryption.py [-v] [-h] [-l <level>] [-t] [-e | -o | -d | -m | -n] [-2] [-s] [-w] [-p <passphrase>] [-r] [-R] <files>
90- -v, --version
91- print the version number
92- -h, --help
93- print short help text
94- -l, --logging
95- set logging level, integer from 1 to 5, 1=full logging, 5=no logging
96- -t, --terminal
97- run in the terminal, except for a possible PIN query
98- and a Passphrase query this avoids the GUI
99- -e, --encrypt
100- encrypt file and keep output filename as plaintext
101- (appends .tsfe suffix to input file)
102- -o, --obfuscatedencrypt
103- encrypt file and obfuscate output file name
104- -d, --decrypt
105- decrypt file
106- -m, --encnameonly
107- just encrypt the plaintext filename, show what the obfuscated
108- filename would be; does not encrypt the file itself;
109- incompaible with `-d` and `-n`
110- -n, --decnameonly
111- just decrypt the obfuscated filename;
112- does not decrypt the file itself;
113- incompaible with `-o`, `-e`, and `-m`
114- -2, --twice
115- paranoid mode; encrypt file a second time on the Trezor chip itself;
116- only relevant for `-e` and `-o`; ignored in all other cases.
117- Consider filesize: The Trezor chip is slow. 1M takes roughly 75 seconds.
118- -p, --passphrase
119- master passphrase used for Trezor.
120- It is recommended that you do not use this command line option
121- but rather give the passphrase through a small window interaction.
122- -r, --readpinfromstdin
123- read the PIN, if needed, from the standard input, i.e. terminal,
124- when in terminal mode `-t`. By default, even with `-t` set
125- it is read via a GUI window.
126- -R, --readpassphrasefromstdin
127- read the passphrase, when needed, from the standard input,
128- when in terminal mode `-t`. By default, even with `-t` set
129- it is read via a GUI window.
130- -s, --safety
131- doublechecks the encryption process by decrypting the just
132- encrypted file immediately and comparing it to original file;
133- doublechecks the decryption process by encrypting the just
134- decrypted file immediately and comparing it to original file;
135- Ignored for `-m` and `-n`.
136- Primarily useful for testing.
137- -w, --wipe
138- shred the inputfile after creating the output file
139- i.e. shred the plaintext file after encryption or
140- shred the encrypted file after decryption;
141- only relevant for `-d`, `-e` and `-o`; ignored in all other cases.
142- Use with extreme caution. May be used together with `-s`.
143- <files>
144- one or multiple files to be encrypted or decrypted
145-
146- All arguments are optional.
147-
148- All output files are always placed in the same directory as the input files.
149-
150- By default the GUI will be used.
151-
152- You can avoid the GUI by using `-t`, forcing the Terminal mode.
153- If you specify filename, possibly some `-o`, `-e`, or `-d` option, then
154- only PIN and Passphrase will be collected through windows.
155-
156- Most of the time TrezorSymmetricFileEncryption can detect automatically if
157- it needs to decrypt or encrypt by analyzing the given input file name.
158- So, in most of the cases you do not need to specify any
159- de/encryption option.
160- TrezorSymmetricFileEncryption will simply do the right thing.
161- In the very rare case that TrezorSymmetricFileEncryption determines
162- the wrong encrypt/decrypt operation you can force it to use the right one
163- by using either `-e` or `-d` or selecting the appropriate option in the GUI.
164-
165- If TrezorSymmetricFileEncryption automatically determines
166- that it has to encrypt of file, it will chose by default the
167- `-e` option, and create a plaintext encrypted files with an `.tsfe` suffix.
168-
169- If you want the output file name to be obfuscated you
170- must use the `-o` (obfuscate) flag or select that option in the GUI.
171-
172- Be aware of computation time and file sizes when you use `-2` option.
173- Encrypting on the Trezor takes time: 1M roughtly 75sec. 50M about 1h.
174- Without `-2` it is very fast, a 1G file taking roughly 15 seconds.
175-
176- For safety the file permission of encrypted files is set to read-only.
177-
178- Examples:
179- # specify everything in the GUI
180- TrezorSymmetricFileEncryption.py
181-
182- # specify everything in the GUI, set logging to verbose Debug level
183- TrezorSymmetricFileEncryption.py -l 1
184-
185- # encrypt contract producing contract.doc.tsfe
186- TrezorSymmetricFileEncryption.py contract.doc
187-
188- # encrypt contract and obfuscate output producing e.g. TQFYqK1nha1IfLy_qBxdGwlGRytelGRJ
189- TrezorSymmetricFileEncryption.py -o contract.doc
190-
191- # encrypt contract and obfuscate output producing e.g. TQFYqK1nha1IfLy_qBxdGwlGRytelGRJ
192- # performs safety check and then shreds contract.doc
193- TrezorSymmetricFileEncryption.py -e -o -s -w contract.doc
194-
195- # decrypt contract producing contract.doc
196- TrezorSymmetricFileEncryption.py contract.doc.tsfe
197-
198- # decrypt obfuscated contract producing contract.doc
199- TrezorSymmetricFileEncryption.py TQFYqK1nha1IfLy_qBxdGwlGRytelGRJ
200-
201- # shows plaintext name of encrypted file, e.g. contract.doc
202- TrezorSymmetricFileEncryption.py -n TQFYqK1nha1IfLy_qBxdGwlGRytelGRJ
203-
204- Keyboard shortcuts of GUI:
205- Apply, Save: Control-A, Control-S
206- Cancel, Quit: Esc, Control-Q
207- Copy to clipboard: Control-C
208- Version, About: Control-V
209- Set encrypt operation: Control-E
210- Set decrypt operation: Control-D
211- Set obfuscate option: Control-O
212- Set twice option: Control-2
213- Set safety option: Control-T
214- Set wipe option: Control-W
89+ TrezorSymmetricFileEncryption.py [-v] [-h] [-l <level>] [-t]
90+ [-e | -o | -d | -m | -n]
91+ [-2] [-s] [-w] [-p <passphrase>] [-r] [-R] [q] <files>
92+ -v, --version
93+ print the version number
94+ -h, --help
95+ print short help text
96+ -l, --logging
97+ set logging level, integer from 1 to 5, 1=full logging, 5=no logging
98+ -t, --terminal
99+ run in the terminal, except for a possible PIN query
100+ and a Passphrase query this avoids the GUI
101+ -e, --encrypt
102+ encrypt file and keep output filename as plaintext
103+ (appends .tsfe suffix to input file)
104+ -o, --obfuscatedencrypt
105+ encrypt file and obfuscate output file name
106+ -d, --decrypt
107+ decrypt file
108+ -m, --encnameonly
109+ just encrypt the plaintext filename, show what the obfuscated
110+ filename would be; does not encrypt the file itself;
111+ incompaible with `-d` and `-n`
112+ -n, --decnameonly
113+ just decrypt the obfuscated filename;
114+ does not decrypt the file itself;
115+ incompaible with `-o`, `-e`, and `-m`
116+ -2, --twice
117+ paranoid mode; encrypt file a second time on the Trezor chip itself;
118+ only relevant for `-e` and `-o`; ignored in all other cases.
119+ Consider filesize: The Trezor chip is slow. 1M takes roughly 75 seconds.
120+ -p, --passphrase
121+ master passphrase used for Trezor.
122+ It is recommended that you do not use this command line option
123+ but rather give the passphrase through a small window interaction.
124+ -r, --readpinfromstdin
125+ read the PIN, if needed, from the standard input, i.e. terminal,
126+ when in terminal mode `-t`. By default, even with `-t` set
127+ it is read via a GUI window.
128+ -R, --readpassphrasefromstdin
129+ read the passphrase, when needed, from the standard input,
130+ when in terminal mode `-t`. By default, even with `-t` set
131+ it is read via a GUI window.
132+ -s, --safety
133+ doublechecks the encryption process by decrypting the just
134+ encrypted file immediately and comparing it to original file;
135+ doublechecks the decryption process by encrypting the just
136+ decrypted file immediately and comparing it to original file;
137+ Ignored for `-m` and `-n`.
138+ Primarily useful for testing.
139+ -w, --wipe
140+ shred the inputfile after creating the output file
141+ i.e. shred the plaintext file after encryption or
142+ shred the encrypted file after decryption;
143+ only relevant for `-d`, `-e` and `-o`; ignored in all other cases.
144+ Use with extreme caution. May be used together with `-s`.
145+ -q, --noconfirm
146+ Eliminates the `Confirm` click on the Trezor button.
147+ This was only added to facilitate batch testing.
148+ It should be used EXCLUSIVELY for testing purposes.
149+ Do NOT use this option with real files!
150+ Furthermore, files encryped with `-n` cannot be decrypted
151+ without `-n`.
152+
153+ <files>
154+ one or multiple files to be encrypted or decrypted
155+
156+ All arguments are optional.
157+
158+ All output files are always placed in the same directory as the input files.
159+
160+ By default the GUI will be used.
161+
162+ You can avoid the GUI by using `-t`, forcing the Terminal mode.
163+ If you specify filename, possibly some `-o`, `-e`, or `-d` option, then
164+ only PIN and Passphrase will be collected through windows.
165+
166+ Most of the time TrezorSymmetricFileEncryption can detect automatically if
167+ it needs to decrypt or encrypt by analyzing the given input file name.
168+ So, in most of the cases you do not need to specify any
169+ de/encryption option.
170+ TrezorSymmetricFileEncryption will simply do the right thing.
171+ In the very rare case that TrezorSymmetricFileEncryption determines
172+ the wrong encrypt/decrypt operation you can force it to use the right one
173+ by using either `-e` or `-d` or selecting the appropriate option in the GUI.
174+
175+ If TrezorSymmetricFileEncryption automatically determines
176+ that it has to encrypt of file, it will chose by default the
177+ `-e` option, and create a plaintext encrypted files with an `.tsfe` suffix.
178+
179+ If you want the output file name to be obfuscated you
180+ must use the `-o` (obfuscate) flag or select that option in the GUI.
181+
182+ Be aware of computation time and file sizes when you use `-2` option.
183+ Encrypting on the Trezor takes time: 1M roughtly 75sec. 50M about 1h.
184+ Without `-2` it is very fast, a 1G file taking roughly 15 seconds.
185+
186+ For safety the file permission of encrypted files is set to read-only.
187+
188+ Examples:
189+ # specify everything in the GUI
190+ TrezorSymmetricFileEncryption.py
191+
192+ # specify everything in the GUI, set logging to verbose Debug level
193+ TrezorSymmetricFileEncryption.py -l 1
194+
195+ # encrypt contract producing contract.doc.tsfe
196+ TrezorSymmetricFileEncryption.py contract.doc
197+
198+ # encrypt contract and obfuscate output producing e.g. TQFYqK1nha1IfLy_qBxdGwlGRytelGRJ
199+ TrezorSymmetricFileEncryption.py -o contract.doc
200+
201+ # encrypt contract and obfuscate output producing e.g. TQFYqK1nha1IfLy_qBxdGwlGRytelGRJ
202+ # performs safety check and then shreds contract.doc
203+ TrezorSymmetricFileEncryption.py -e -o -s -w contract.doc
204+
205+ # decrypt contract producing contract.doc
206+ TrezorSymmetricFileEncryption.py contract.doc.tsfe
207+
208+ # decrypt obfuscated contract producing contract.doc
209+ TrezorSymmetricFileEncryption.py TQFYqK1nha1IfLy_qBxdGwlGRytelGRJ
210+
211+ # shows plaintext name of encrypted file, e.g. contract.doc
212+ TrezorSymmetricFileEncryption.py -n TQFYqK1nha1IfLy_qBxdGwlGRytelGRJ
213+
214+ Keyboard shortcuts of GUI:
215+ Apply, Save: Control-A, Control-S
216+ Cancel, Quit: Esc, Control-Q
217+ Copy to clipboard: Control-C
218+ Version, About: Control-V
219+ Set encrypt operation: Control-E
220+ Set decrypt operation: Control-D
221+ Set obfuscate option: Control-O
222+ Set twice option: Control-2
223+ Set safety option: Control-T
224+ Set wipe option: Control-W
215225```
216226
217227# Testing
0 commit comments