This repository is not for the CLI, if you're a prospective user you probably want to be here.
SSEC was developed as a simple alternative to ZIP for single files (analogous to gzip, but for encryption).
This repository contains both the specification of the file format, and a streaming implementation (the ssec-core crate) in Rust.
The implementation is based around the Futures-rs' Stream abstraction, so it is sans-IO and async runtime agnostic.
The decryption implementation is structured like a state machine so that consumers can avoid blocking the executor by moving the computation of KDF onto a separate threadpool (such as a Tokio blocking task).
The headers of a SSEC file reveal no information about its contents.
The only information about the contents that is revealed is the size (duh).
Attempting decryption of a SSEC file requires a lot (512 MB) of memory, so even state-sponsored brute force attacks are unfeasible.
When decrypting a SSEC file, the authenticity of the contents can be verified after the entire file has been read.
SSEC makes no guarantees about side-channel resistance.
This specific implementation uses the zeroize crate to erase sensitive material from memory (see the docs for more information about what this actually entails).
This entire project was massively inspired by https://fasterthanli.me/articles/the-case-for-sans-io.