Erfr project



What is Erfr?

Erfr logoThe Erfr project is an encryption tool based on the one-time pad encryption method, built to encrypt files in a secure way.


Where Erfr has its name from — a true story!

Quite some people ask me, where the name Erfr comes from, what it actually means and also how to pronounce it.

After developing my first one-time pad implementation in 2007, I thought of some names for it, but then I decided to give it a random name, because it uses an encryption engine which encrypts data with random bytes.

I opened a Python shell and executed a method to generate a random number between 3 and 10 which returned the value 4. This value set the length for the project name. Then, I decided to take the first four letters of the first word I read outside my office for the name of my project.

A few hours later, after working on some other projects, I had a little break and went to the snack bar to get something to drink and also some snacks, of course. At that time, I did not have my name concept in mind and entered the snack bar like I do every day.

Looking for a drink, the first word I have read was "Erfrischungsgetränke" (German for "soft drinks"). At this moment I remembered the name concept and realized, my encryption project is going to be called Erfr.

Therefore, the word Erfr does not have a certain meaning. Maybe there are languages where it has, but that would be purely coincidental. It could be seen as a rough abbreviation for Encrypt Files with Random bytes. In order to simplify pronunciation, the name Erfr is officially pronounced like the words "air" and "far" together, which results in "airfar".


Further information about the project.

Python poweredThe Erfr project is written in Python and platform independent.

Due to the fact, that the project is intended for shell and scripting purposes, it does not come with a graphical user interface.

Encryption engine

As mentioned above, Erfr uses the one-time pad encryption which allows to encrypt all kinds of files in a secure way. However, it does not support on-the-fly encryption.

Quoting the Wikipedia article (from April 16th, 2016), the one-time pad is "an encryption technique that cannot be cracked if used correctly". The encrypted file is completely useless without the corresponding key file and vice versa.

However, when using one-time pad there are some issues, briefly stated:

  • The encrypted as well as the key file have the same file size as the input file to encrypt.
    • Depending on the size of that file, this may require quite some hard disk space.
    • Without obfuscation, the corresponding files can be assigned to each other by their size.
  • In order to increase security, the encrypted and the key file should be stored or transferred separately, for example by using different media.
  • The key file (or any parts of it) must not be used multiple times to encrypt data as this would be a security risk.

Further information and details, can be found on the corresponding Wikipedia page.

Key generation

By default, the Erfr components use the Python method os.urandom() to generate random bytes for key files and obfuscation purposes, which is a pseudo-random number generator using sources provided by the operating system (such as /dev/urandom on Unix-like systems or CryptGenRandom on Windows).

The quality of the random bytes generated by the os.urandom() method may vary on different operating systems, depending on the implementation of the pseudo-random number generator.

The main reason why Erfr uses this method by default is the fact, that it is available on various operating systems without any additional libraries.

On Unix-like systems /dev/random can also be used for generating random bytes, but will block the encryption and key generation processes while waiting for more entropy (details can be found here).

The Fortuna PRNG (Pseudo-Random Number Generator) is also supported, but requires the PyCrypto library (see the requirements section for details).

Furthermore, it is also possible to use key files generated by an external tool (or hardware) in case you do not want to use the random value generators provided or supported by Erfr for some reason.


For now, the main features of Erfr are the following:

  • Secure encryption of files (as well as the decryption of encrypted data).
  • Optional obfuscation of the encrypted and the key files.
  • Enhanced options to complicate cracking the encrypted data (e. g. in case an unauthorized person has gained access to the encrypted and the key file).


What the project consists of and what each component is for.

Main component

The main component encrypts (or decrypts) a file using either the standard one-time pad method or a user-defined enhanced one. It allows dynamic encryption by providing different optional features to additionally modify the output data. Furthermore, it allows exporting the encryption parameters into a file which can be processed by the Erfr Executor component.


Erfr Cleaner

The temporary file cleaner removes all remaining temporary files of the Erfr components in case they have not been deleted automatically for some reason.

Erfr Executor

The executor component parses parameter files created by the main Erfr component and starts an encryption or decryption process based on the information read from that file.

Erfr Extractor

The extractor component reads or extracts (reads and removes) a user-defined byte range out of an existing file (e. g. a key file) and writes that data into a new file.

Erfr Key Finder

The key finder finds the corresponding key for an encrypted file and vice versa, but only if the file size of the encrypted or the key file has not been obfuscated (e. g. by adding random bytes).

Erfr Key Generator

The key generator builds a key file or string which can either be used for encryption or obfuscation purposes (for example as a fake key).

Erfr Monitor

The process monitor returns or monitors the current status of an Erfr encryption, decryption, key generation or file obfuscation process.

Erfr Obfuscator

The so called post-obfuscator afterwards obfuscates already existing encrypted and key files by adding random bytes.


Stuff that is required to get Erfr running.


Software requirements in general:

  • Python framework (either of them, further information can be found here)
    • Python 2.x (version 2.7 or higher is recommended, may also work with earlier versions)
    • Python 3.x (version 3.2 or higher is recommended, may also work with earlier versions)

Fortuna PRNG

This optional feature requires the PyCrypto library (version 2.1.0 or higher).

While developing and testing this feature, version 2.6.1 of the PyCrypto library has been used. However, the feature should work with newer versions and may also work with older ones.

Even though, it may work with older versions, it is strongly recommended to use the current version of the library and keep it up-to-date.


How to use Erfr.

The following usage example shows how to execute the Python script on the shell of a Unix-like system.

If you do not know, how to run Python scripts on your operating system, you may click here.

The project also comes with some help files which contain fundamental documentation as well as usage examples for each component of the project.

Usually, each script requires command-line arguments to operate. So, to get an overview of all arguments available, simply run the script with the --help argument. For example:

$ ./ --help
                         [-b BUFFER_SIZE] [-h] [-r] [--version]

Extract a user-defined byte range from an existing into a new file.

required arguments:
  -i INPUT_FILE, --input-file INPUT_FILE
                        input file path
  -l LENGTH, --length LENGTH
                        number of bytes to read
  -o OUTPUT_FILE, --output-file OUTPUT_FILE
                        output file path
  -s OFFSET, --offset OFFSET
                        position where to start reading

optional arguments:
  -b BUFFER_SIZE, --buffer-size BUFFER_SIZE
                        buffer size in bytes (default is 4096)
  -h, --help            print this help message and exit
  -r, --remove          remove the extracted data from the input file
  --version             print the version number and exit

Further information and usage examples can be found inside the documentation
file for this script.

Current state

The development state of the project.

Yield sign With version 4.3.0 the Erfr project is not being enhanced anymore. Hence, there will be neither any new features nor a higher major version.

However, existing features may be improved and bugfixes will still be provided.

The main reason for this decision was the fact that the project allows one-time pad encryption as well as decryption, which is its main functionality and all the additional features and methods included should be enough to obfuscate the encrypted data.

Furthermore, one-time pad encryption is not really applicable in many cases where encryption is relevant. However, quoting the Wikipedia article once again, "despite its problems, the one-time-pad retains some practical interest". Details can be found inside that article.

So, there are no future plans and (as already mentioned above) the project will remain maintained, only.


Download the project.

Below you can download the latest version of the project for different Python frameworks. Further information about these frameworks can be found here.



Erfr logo

Release date:


File size:

< 80 KB

Current state:




Simplified BSD License


Python 2.x
Python 3.x


tgz | zip
tgz | zip