project is an encryption tool based on the one-time pad
encryption method, built to encrypt files in a secure way.
Quite some people ask me, where the name Erfr comes
from, what it actually means and also how to pronounce it.
After developing my first one-time pad implementation in 2007,
I thought of some names for it, but then I
decided to give it a random name, because it uses an encryption
engine which encrypts data with random bytes.
I opened a Python shell and executed a method to
generate a random number between 3 and 10 which returned the value
4. This value set the length for the project name. Then, I decided
to take the first four letters of the first word I read outside my
office for the name of my project.
A few hours later, after working on some other projects, I had a little break and went to the snack bar to get something to drink and also some snacks, of course. At that time, I did not have my name concept in mind and entered the snack bar like I do every day.
Looking for a drink, the first word I have read was "Erfrischungsgetränke" (German for "soft drinks"). At this moment I remembered the name concept and realized, my encryption project is going to be called Erfr.
Therefore, the word Erfr does not have a certain meaning. Maybe there are languages where it has, but that would be purely coincidental. It could be seen as a rough abbreviation for Encrypt Files with Random bytes. In order to simplify pronunciation, the name Erfr is officially pronounced like the words "air" and "far" together, which results in "airfar".
The Erfr project is written in Python and platform independent.
Due to the fact, that the project is intended for shell and scripting purposes, it does not come with a graphical user interface.
Quoting the Wikipedia article (from April 16th, 2016), the one-time pad is "an encryption technique that cannot be cracked if used correctly". The encrypted file is completely useless without the corresponding key file and vice versa.
However, when using one-time pad there are some issues, briefly
- The encrypted as well as the key file have the same file
size as the input file to encrypt.
- Depending on the size of that file, this may require quite some hard disk space.
- Without obfuscation, the corresponding files can be assigned to each other by their size.
- In order to increase security, the encrypted and the key
file should be stored or transferred separately, for example
by using different media.
- The key file (or any parts of it) must not
be used multiple times to encrypt data as this would be a
Further information and details, can be found on the corresponding Wikipedia page.
By default, the Erfr components use the Python method os.urandom() to generate random bytes for key files and obfuscation purposes, which is a pseudo-random number generator using sources provided by the operating system (such as /dev/urandom on Unix-like systems or CryptGenRandom on Windows).
The quality of the random bytes generated by the os.urandom() method may vary on different operating systems, depending on the implementation of the pseudo-random number generator.
The main reason why Erfr uses this method by default is the fact, that it is available on various operating systems without any additional libraries.
On Unix-like systems /dev/random can also be used for generating random bytes, but will block the encryption and key generation processes while waiting for more entropy (details can be found here).
Furthermore, it is also possible to use key files generated by an external tool (or hardware) in case you do not want to use the random value generators provided or supported by Erfr for some reason.
For now, the main features of Erfr are the following:
- Secure encryption of files (as well as the decryption of
- Optional obfuscation of the encrypted and the key files.
- Enhanced options to complicate cracking the encrypted data
(e. g. in case an unauthorized person has gained access to the
encrypted and the key file).
The main component encrypts (or decrypts) a file using either the standard one-time pad method or a user-defined enhanced one. It allows dynamic encryption by providing different optional features to additionally modify the output data. Furthermore, it allows exporting the encryption parameters into a file which can be processed by the Erfr Executor component.
The temporary file cleaner removes all remaining temporary files of the Erfr components in case they have not been deleted automatically for some reason.
The executor component parses
parameter files created by the main Erfr component and
starts an encryption or decryption process based on the information
read from that file.
The extractor component reads or
extracts (reads and removes) a user-defined byte range out of an
existing file (e. g. a key file) and writes that data into a new
Erfr Key Finder
The key finder finds the corresponding key for an encrypted file and vice versa, but only if the file size of the encrypted or the key file has not been obfuscated (e. g. by adding random bytes).
Erfr Key Generator
The key generator builds a key file or string which can either be used for encryption or obfuscation purposes (for example as a fake key).
The process monitor returns or monitors the current status of an Erfr encryption, decryption, key generation or file obfuscation process.
The so called post-obfuscator
afterwards obfuscates already existing encrypted and key files by
adding random bytes.
Software requirements in general:
Python framework (either of them, further information can be found here)
Python 2.x (version 2.7 or higher is recommended, may also work with earlier versions)
Python 3.x (version 3.2 or higher is recommended, may also work with earlier versions)
This optional feature requires the PyCrypto library (version 2.1.0 or higher).
While developing and testing this feature, version 2.6.1 of the PyCrypto library has been used. However, the feature should work with newer versions and may also work with older ones.
Even though, it may work with older versions, it is strongly recommended to use the current version of the library and keep it up-to-date.
The following usage example shows how to execute the Python script on the shell of a Unix-like system.
If you do not know, how to run Python scripts on your operating system, you may click here.
The project also comes with some help files which contain fundamental documentation as well as usage examples for each component of the project.
Usually, each script requires command-line arguments to operate. So, to get an overview of all arguments available, simply run the script with the --help argument. For example:
$ ./erfr-extractor.py --help
usage: erfr-extractor.py -i INPUT_FILE -l LENGTH -o OUTPUT_FILE -s OFFSET
[-b BUFFER_SIZE] [-h] [-r] [--version]
Extract a user-defined byte range from an existing into a new file.
-i INPUT_FILE, --input-file INPUT_FILE
input file path
-l LENGTH, --length LENGTH
number of bytes to read
-o OUTPUT_FILE, --output-file OUTPUT_FILE
output file path
-s OFFSET, --offset OFFSET
position where to start reading
-b BUFFER_SIZE, --buffer-size BUFFER_SIZE
buffer size in bytes (default is 4096)
-h, --help print this help message and exit
-r, --remove remove the extracted data from the input file
--version print the version number and exit
Further information and usage examples can be found inside the documentation
file for this script.
With version 4.3.0 the Erfr project is not being enhanced anymore. Hence, there will be neither any new features nor a higher major version.
However, existing features may be improved and bugfixes will still be provided.
The main reason for this decision was the fact that the project allows one-time pad encryption as well as decryption, which is its main functionality and all the additional features and methods included should be enough to obfuscate the encrypted data.
Furthermore, one-time pad encryption is not really applicable in many cases where encryption is relevant. However, quoting the Wikipedia article once again, "despite its problems, the one-time-pad retains some practical interest". Details can be found inside that article.
So, there are no future plans and (as already mentioned above) the project will remain maintained, only.
Below you can download the latest version of the project for different Python frameworks. Further information about these frameworks can be found here.
|File size:||< 80 KB|
|Framework:||Python 2.x||Python 3.x|
|Download:||tgz | zip||tgz | zip|