🐊 croc - secure and easy data transfer
croc is a tool I built to easily and securely transfer stuff from one computer to another.
There are many tools that can do this but AFAIK croc is the only tool that is easily installed and used on any platform, and has secure peer-to-peer transferring, and has the capability to resume broken transfers.
Transmit encrypted data with a code phrase
croc securely transfers data using code phrases - a combination of three random words (mnemonicoded 4 bytes). The code phrase is shared between the sender and the recipient for password authenticated key exchange (PAKE), a cryptographic method to use a shared weak key (the “code phrase”) to generate a strong key for secure end-to-end encryption. By default, a code phrase can only be used once between two parties so an attacker would have a chance of less than 1 in 4 billion to guess the code phrase correctly to steal the data. An attacker with the wrong code phrase will fail the PAKE and the sender will be notified without any data transfering. Only two people with the right code phrase will be able to computers transfer encrypted data through a relay.
Fast data transfer through TCP
The actual data transfer is accomplished using a relay, either using raw TCP sockets or websockets. If both computers are on the LAN network then croc will use a local relay, otherwise a public relay is used. All the data going through the relay is encrypted using the PAKE-generated session key, so the relay can’t spy on information passing through it. The data is transferred in blocks, where each block is compressed and encrypted, and the recipient keeps track of blocks received so that it can resume the transfer if interrupted.
Relay allows any two computers to connect
croc differs from a utility like scp because it doesn’t require any two computers to have enabled port-forwarding. Instead, croc will uses a relay - a temporary server setup locally (if both computers are on lan) or publicly (default is at croc4.schollz.com). Any two computers can connect to the relay, and after securing their channel with PAKE, they can transfer encrypted metadata and data through the relay. The relay works by first having the computers communicate the PAKE protocol via websockets, and then exchanging encrypted metadata, and then stapling the TCP connections directly so that they can transfer directly.
Why another data transfer utility?
My motivation to write croc, as stupid as it sounds, is because I wanted to create a program that made it easy to send a 3GB+ PBS documentary to my friend in a different country. My friend has a Windows computer and is not comfortable using a terminal. So I wanted to write a program that, while secure, is simple to receive a file. croc accomplishes this, and now I find myself using it almost everyday at work. To receive a file you can just download the executable and double click on it. The name is inspired by the fable of the frog and the crocodile.
The first example shows the basic transfer of some file or folder from computer 1 to computer 2. These two gifs should run in sync if you force-reload (Ctl+F5)
The second example shows how you can restart a broken transfer. Here, computer 2 presses Ctl+C during a transfer to abruptly break the connection, and then resumes by having computer 1 re-send the file. These two gifs should run in sync if you force-reload (Ctl+F5)
Or, you can install Go and build from source with
go get github.com/schollz/croc.
Or, you can quickly install a release from the command-line:
$ curl https://getcroc.schollz.com | bash
$ wget -qO- https://getcroc.schollz.com | bash
The basic usage is to just do
$ croc send FILE
to send and then on the other computer you can just do
$ croc [code phrase]
to receive (you’ll be prompted to enter the code phrase). Note, by default, you don’t need any arguments for receiving, instead you will be prompted to enter the code phrase. This makes it possible for you to just double click the executable to run (nice for those of us that aren’t computer wizards).
Custom code phrase
You can send with your own code phrase (must be more than 4 characters).
$ croc send --code [code phrase] [filename]
croc automatically will attempt to start a local connection on your LAN to transfer the file much faster. It uses peer discovery, basically broadcasting a message on the local subnet to see if another croc user wants to receive the file. croc will utilize the first incoming connection from either the local network or the public relay and follow through with PAKE.
You can change this behavior by forcing croc to use only local connections (
--local) or force to use the public relay only (
$ croc --local/--no-local send [filename]
Using pipes - stdin and stdout
You can easily use croc in pipes when you need to send data through stdin or get data from stdout. To send you can just use pipes:
$ cat [filename] | croc send
In this case croc will automatically use the stdin data and send and assign a filename like “croc-stdin-123456789”. To receive to stdout at you can always just use the
-stdout flags which will automatically approve the transfer and pipe it out to stdout.
$ croc -yes -stdout [code phrase] > out
All of the other text printed to the console is going to
stderr so it will not interfere with the message going to stdout.
The relay is needed to staple the parallel incoming and outgoing connections. The relay temporarily stores connection information and the encrypted meta information. The default uses a public relay at,
ws://126.96.36.199:8153. You can also run your own relay, it is very easy, just run:
$ croc relay
Make sure to open up TCP ports (see
croc relay --help for which ports to open). Relays can also be customized to which elliptic curve they will use (default is siec).
You can send files using your relay by entering
-relay to change the relay that you are using if you want to custom host your own.
$ croc -relay "ws://myrelay.example.com" send [filename]
You can also make some paramters static by using a configuration file. To get started with the config file just do
$ croc config
which will generate the file that you can edit. Any changes you make to the configuration file will be applied before the command-line flags, if any.