Minimal Unix-style command line crypto tool
Initial commit


browse log



You can also use your local clone with git send-email.


noseplumbs is a simple Unix-style command line encryption tool. It's written in POSIX C99 and has no dependencies.

It also doesn't exist, but patches welcome!

Example Usage

$ nopl genkey -e > enc.key
$ nopl genkey -s > sign.key
$ echo "Hello world!" > cleartext.txt
$ nopl encrypt enc.key < cleartext.txt > ciphertext.bin
$ nopl sign sign.key < cleartext.txt > cleartext.sig
$ nopl decrypt secret.key < ciphertext.bin > cleartext.txt
$ cat cleartext.txt
Hello world!
$ nopl pubkey < sign.key > pub.key
$ cat public.key | base64 > /dev/lp # hand printout to friend
$ nopl verify pub.key cleartext.sig < cleartext.txt
Good signature.
$ echo $?

Implementation Notes

  • Keys can be for signing or encryption or both, but separate keys recommended
  • Output format should specify the algorithm used and a serialization version
  • Which will always be ed25519/x25519 via AES
  • Output is binary, if you want armor pipe it through base64
$ cat ciphertext.bin
ed25519:1:[terminal proceeds to shit itself]
  • Mandatory -O0 to prevent gcc bullshit from doing stupid bullshit
  • mlockall