Home Encryption / Decryption Toplip – A Very Strong File Encryption And Decryption CLI Utility

Toplip – A Very Strong File Encryption And Decryption CLI Utility

By sk
Published: Last Updated on 896 views

This tutorial explains what is Toplip, how to install Toplip in Linux, and how to encrypt and decrypt files using Toplip in Linux.

What is Toplip?

There are plenty of file encryption tools available on the market to protect your files. We have already reviewed some encryption tools such as CryptomaterCryptkeeper, CryptGo, Cryptr, Tomb, and GnuPG etc. Today, we will be discussing yet another file encryption and decryption command line utility named "Toplip".

Toplip is a free and open source encryption utility that uses a very strong encryption method called AES256, along with an XTS-AES design to safeguard your confidential data. Also, it uses Scrypt, a password-based key derivation function, to protect your passphrases against brute-force attacks.

Toplip features

Compared to other file encryption tools, toplip ships with the following unique and prominent features.

  • Very strong XTS-AES256 based encryption method.
  • Plausible deniability.
  • Encrypt and embed files inside images (PNG/JPG).
  • Multiple passphrase protection.
  • Simplified brute force recovery protection.
  • No identifiable output markers.
  • Open source/GPLv3.

Install Toplip in Linux

There is no installation required. Toplip is a standalone executable binary file. All you have to do is download the latest toplip from the official products page and make it as executable. To do so, just run:

$ chmod +x toplip

Encrypt and Decrypt Files using Toplip

If you run toplip without any arguments, you will see the help section.

$ ./toplip

Allow me to show you some examples.

For the purpose of this guide, I have created two files namely file1 and file2. Also, I have an image file which we need it to hide the files inside it. And finally, I have toplip executable binary file. I have kept them all in a directory called test.

Encrypt or decrypt a single file

Now, let us encrypt file1. To do so, run:

$ ./toplip file1 > file1.encrypted

This command will prompt you to enter a passphrase. Once you have given the passphrase, it will encrypt the contents of file1 and save them in a file called file1.encrypted in your current working directory.

Sample output of the above command would be:

This is toplip v1.20 © 2015, 2016 2 Ton Digital. Author: Jeff Marrison
A showcase piece for the HeavyThing library. Commercial support available
Proudly made in Cooroy, Australia. More info: https://2ton.com.au/toplip
file1 Passphrase #1: generating keys...Done
Encrypting...Done

To verify if the file is really encrypted., try to open it and you will see some random characters.

To decrypt the encrypted file, use -d flag like below:

$ ./toplip -d file1.encrypted

This command will decrypt the given file and display the contents in the Terminal window.

To restore the file instead of writing to stdout, do:

$ ./toplip -d file1.encrypted > file1.decrypted

Enter the correct passphrase to decrypt the file. All contents of file1.encrypted will be restored in a file called file1.decrypted.

Please don't follow this naming method. I used it for the sake of easy understanding. Use any other name(s) which is very hard to predict.

Encrypt or decrypt multiple files

Now we will encrypt two files with two separate passphrases for each one.

$ ./toplip -alt file1 file2 > file3.encrypted

You will be asked to enter passphrase for each file. Use different passphrases.

Sample output of the above command will be:

This is toplip v1.20 © 2015, 2016 2 Ton Digital. Author: Jeff Marrison
A showcase piece for the HeavyThing library. Commercial support available
Proudly made in Cooroy, Australia. More info: https://2ton.com.au/toplip
file2 Passphrase #1: generating keys...Done
file1 Passphrase #1: generating keys...Done
Encrypting...Done

What the above command will do is encrypt the contents of two files and save them in a single file called file3.encrypted. While restoring, just give the password of respective file. For example, if you give the passphrase of the file1, toplip will restore file1. If you enter the passphrase of file2, toplip will restore file2.

Each toplip encrypted output may contain up to four wholly independent files, and each created with their own separate and unique passphrase. Due to the way the encrypted output is put together, there is no way to easily determine whether or not multiple files actually exist in the first place. By default, even if only one file is encrypted using toplip, random data is added automatically. If more than one file is specified, each with their own passphrase, then you can selectively extract each file independently and thus deny the existence of the other files altogether. This effectively allows a user to open an encrypted bundle with controlled exposure risk, and no computationally inexpensive way for an adversary to conclusively identify that additional confidential data exists. This is called Plausible deniability, one of the notable feature of toplip.

To decrypt file1 from file3.encrypted, just enter:

$ ./toplip -d file3.encrypted > file1.encrypted

You will be prompted to enter the correct passphrase of file1.

To decrypt file2 from file3.encrypted, enter:

$ ./toplip -d file3.encrypted > file2.encrypted

Do not forget to enter the correct passphrase of file2.

Use multiple passphrase protection

This is another cool feature that I admire about toplip. We can provide multiple passphrases for a single file when encrypting it. It will protect the passphrases against brute force attempts.

$ ./toplip -c 2 file1 > file1.encrypted

Here, -c 2 represents two different passphrases. Sample output of above command would be:

This is toplip v1.20 © 2015, 2016 2 Ton Digital. Author: Jeff Marrison
A showcase piece for the HeavyThing library. Commercial support available
Proudly made in Cooroy, Australia. More info: https://2ton.com.au/toplip
file1 Passphrase #1: generating keys...Done
file1 Passphrase #2: generating keys...Done
Encrypting...Done

As you see in the above example, toplip prompted me to enter two passphrases. Please note that you must provide two different passphrases, not a single passphrase twice.

To decrypt this file, do:

$ ./toplip -c 2 -d file1.encrypted > file1.decrypted
This is toplip v1.20 © 2015, 2016 2 Ton Digital. Author: Jeff Marrison
A showcase piece for the HeavyThing library. Commercial support available
Proudly made in Cooroy, Australia. More info: https://2ton.com.au/toplip
file1.encrypted Passphrase #1: generating keys...Done
file1.encrypted Passphrase #2: generating keys...Done
Decrypting...Done

Hide files inside image

The practice of concealing a file, message, image, or video within another file is called steganography. Fortunately, this feature exists in toplip by default. 

To hide a file(s) inside images, use -m flag as shown below.

$ ./toplip -m image.png file1 > image1.png
This is toplip v1.20 © 2015, 2016 2 Ton Digital. Author: Jeff Marrison
A showcase piece for the HeavyThing library. Commercial support available
Proudly made in Cooroy, Australia. More info: https://2ton.com.au/toplip
file1 Passphrase #1: generating keys...Done
Encrypting...Done

This command conceals the contents of file1 inside an image named image1.png. To decrypt it, run:

$ ./toplip -d image1.png > file1.decrypted
This is toplip v1.20 © 2015, 2016 2 Ton Digital. Author: Jeff Marrison
A showcase piece for the HeavyThing library. Commercial support available
Proudly made in Cooroy, Australia. More info: https://2ton.com.au/toplip
image1.png Passphrase #1: generating keys...Done
Decrypting...Done

Increase password complexity

To make things even harder to break, we can increase the password complexity like below.

$ ./toplip -c 5 -i 0x8000 -alt file1 -c 10 -i 10 file2 > file3.encrypted

The above command will prompt you to enter 5 passphrases for the file1, 10 passphrases for the file2 and encrypt both of them in a single file called "file3.encrypted". As you may noticed, we have used one more additional flag -i in this example. This is used to specify key derivation iterations. This option overrides the default iteration count of 1 for scrypt's initial and final PBKDF2 stages. Hexadecimal or decimal values permitted, e.g. 0x8000, 10, etc. Please note that this can dramatically increase the calculation times.

To decrypt file1, use:

$ ./toplip -c 5 -i 0x8000 -d file3.encrypted > file1.decrypted

To decrypt file2, use:

$ ./toplip -c 10 -i 10 -d file3.encrypted > file2.decrypted

To know more about the underlying technical information and crypto methods used in toplip, refer its official website given at the end of this guide.

My personal recommendation to all those who wants to protect their data. Don't rely on single method. Always use more than one tools/methods to encrypt files. Do not write passphrases/passwords in a paper and/or do not save them in your local or cloud storage. Just memorize them and destroy the notes. If you're poor at remembering passwords, consider to use any trustworthy password managers. Here are some password managers you might want to try.

Hope this helps.

Resource:

You May Also Like

3 comments

IJK December 12, 2017 - 8:26 am

A mostly x86 assembly language library, that may, or may not, have been vetted for correctness, that may, or may not, be buggy, that does not do anything that can be done just as conveniently using standard Linux tools, like OpenSSL. Yet another tool that fills out a much-needed gap in the Linux world.

Reply
Bruce C. December 12, 2019 - 1:50 am

Typo in article “enter 10 passphrases for the file1, 5 passphrases for the file2” should be “enter 5 passphrases for the file1, 10 passphrases for the file2”

Reply
sk December 12, 2019 - 12:38 pm

Good catch. Fixed now.

Reply

Leave a Comment

* By using this form you agree with the storage and handling of your data by this website.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. By using this site, we will assume that you're OK with it. Accept Read More