Show HN: rtty-soda – CLI frontend to NaCl (PyNaCl) for encrypting small files

https://github.com/theosaveliev/rtty-soda

2•nett_ef•1w ago

I tried to make the best CLI for interfacing with PyNaCl primitives, especially with KDF.

I don’t expect your trust; I focused on making the code readable for review. I haven’t reviewed the underlying libraries.

I included some silly examples in the README — I hope you enjoy them and have as much fun using it as I did while building it.

It’s focused on small files: not for large blobs, but great for keys, configs, and other secrets.

Thanks for your time. Please note that I’m not a security expert, and this is my first project in this space.

I actively use it myself and plan to maintain it long-term.

Comments

Privavault•1w ago

Nice work on this! CLI tools for encryption are underrated—I find people are more likely to actually encrypt things when the friction is low.

One thing I learned building PrivaVault (an encrypted document management app, just launched) is that the key management piece becomes the real UX challenge. We ended up implementing a zero-knowledge architecture where keys never touch our servers, but the tradeoff is users need to understand they're responsible for their master password.

I'm curious about your approach to key derivation and storage for the RTTY-SODA system. Are you using libsodium's password hashing (Argon2) or handling that separately?

nett_ef•1w ago

Thanks!

I’m using Argon2id-Blake2b. There’s a flowchart here: https://github.com/theosaveliev/rtty-soda?tab=readme-ov-file...

And the relevant code is here: https://github.com/theosaveliev/rtty-soda/blob/main/src/rtty...

I made a couple of explicit assumptions to reduce UX friction, and I try to document and test them rather than hide them:

1. I’m aware that using size=PrivateKey.SIZE is not ideal, since that constant is shared between public and secret schemes. I rely on the fact that the sizes match in libsodium, and I enforce that assumption with tests so it fails loudly if that ever changes: https://github.com/theosaveliev/rtty-soda/blob/main/tests/te...

2. For the salt, I intentionally avoid asking the user for an additional input. Instead, I hash a fixed long quote from Henry Fielding together with the user password. The assumption is that combining a short password with a long, fixed string still provides sufficient entropy for the KDF input and forces an attacker to recompute rainbow tables with the quote included, rather than reuse generic ones.

These tradeoffs are deliberate. I’m open to critique, especially if there’s a way to improve this without increasing UX complexity.

OpenClaw Is Changing My Life

Everything you need to know about lasers in one photo

SCOTUS to decide if 1988 video tape privacy law applies to internet uses

Epstein files reveal deeper ties to scientists than previously known

Red teamers arrested conducting a penetration test

Show HN: Open-source AI powered Kubernetes IDE

Show HN: Lucid – Use LLM hallucination to generate verified software specs

AI Doesn't Write Every Framework Equally Well

Aisbf – an intelligent routing proxy for OpenAI compatible clients

Let's handle 1M requests per second

OpenClaw Partners with VirusTotal for Skill Security

Goal: Ship 1M Lines of Code Daily

Show HN: Codex-mem, 90% fewer tokens for Codex

FastLangML: FastLangML:Context‑aware lang detector for short conversational text

LineageOS 23.2

Crypto Deposit Frauds

Substack makes money from hosting Nazi newsletters

Framing an LLM as a safety researcher changes its language, not its judgement

Are there anyone interested about a creator economy startup

Show HN: Skill Lab – CLI tool for testing and quality scoring agent skills

2003: What is Google's Ultimate Goal? [video]

Roger Ebert Reviews "The Shawshank Redemption"

Busy Months in KDE Linux

Zram as Swap

Green’s Dictionary of Slang - Five hundred years of the vulgar tongue

Nvidia CEO Says AI Capital Spending Is Appropriate, Sustainable

Show HN: StyloShare – privacy-first anonymous file sharing with zero sign-up

Part 1 the Persistent Vault Issue: Your Encryption Strategy Has a Shelf Life

Show HN: Teleop_xr – Modular WebXR solution for bimanual robot teleoperation

The Highest Exam: How the Gaokao Shapes China