Oboron

String in, string out symmetric encryption

Oboron is a string in, string out symmetric encryption protocol — the enc operation takes a plaintext string and returns an obtext string; dec reverses it. Encryption and encoding are combined into one seamless process across all language implementations.

Specifications

Features

• String in, string out — enc and dec are the only operations you need; no manual encoding/decoding steps
• Consistent scheme naming — cryptographic primitives named by tier + property + algorithm (e.g., aasv = Authenticated + Avalanche + SiV), making cryptographic choices accessible without deep expertise
• Unified key management — a single 512-bit master key works across all schemes with deterministic subkey extraction; no manual key decoding from environment variables
• Prefix-focused entropy — high initial entropy enables Git-like referenceable short prefixes
• Cross-language interoperability — all implementations produce identical outputs for the same inputs
• Performance optimized — reference implementation benchmarks on short strings show performance roughly comparable with SHA256 on same input

More details:

• Properties: prefix entropy, deterministic injectivity, performance and output length comparisons
• Obtext Lengths: complete obtext length tables for all formats and encodings.

Quick Start

Install:

Rust:

cargo instal oboron

Python:

pip install oboron

Generate your 512-bit key (86 base64 characters):

Rust:

cargo run --bin keygen

or in your code:

let key = oboron::generate_key();

Python:

python -m oboron.keygen

or in your code:

key = oboron.generate_key()

Save the key as an environment variable, then use e.g., AasvC32 (a secure scheme, 256-bit encrypted with AES-SIV, encoded using Crockford's base32 variant) for enc/dec:

Rust:

use oboron::AasvC32;

let key = env::var("OBORON_KEY")?;
let ob = AasvC32::new(&key)?;

let ot = ob.enc("hello, world")?;
let pt2 = ob.dec(&ot)?;

println!("obtext: {}", ot);
// "obtext: cbv74r1m7a7cf8n6gzdy..."

assert_eq!(pt2, "hello, world");

Python:

import os
from oboron import AasvC32

key = os.getenv("OBORON_KEY")
ob = AasvC32(key)

ot = ob.enc("hello, world")
pt2 = ob.dec(ot)

print(f"obtext: {ot}")
# "obtext: cbv74r1m7a7cf8n6gzdy..."

assert pt2 == "hello, world"

All implementations produce identical obtext for the same key and plaintext.

Why a CLI Specification?

The CLI Specification presents a standardized CLI interface enabling cross-language conformance testing: any implementation (Rust, Python, Go, etc.) can run the existing standard testing suite — ob-cli-tests crate in the reference implementation repo (github.com/ob-enc/oboron-rs) — through a shared CLI contract, verifying that each implementation produces identical outputs.

Thus, by implementing the standard CLI interface, implementers can validate their implementation using the language-agnostic reference testing suite.

Applications

Oboron's combination of properties — particularly prefix entropy, compactness, and deterministic injectivity — enables specialized use cases beyond general-purpose encryption:

• Git-like short IDs — high-entropy prefixes for unique references
• URL-friendly state tokens — encrypt web application state into compact URLs
• No-lookup captcha systems — server issues encrypted challenge, verifies without database lookup
• Database ID obfuscation — hide sequential IDs while maintaining reversibility
• Compact authentication tokens — efficient alternative to JWT for simple use cases

Comparison with Alternatives

Implementations

• Rust: — reference implementation (GitHub: ob-enc/oboron-rs)
  • Core library: oboron crate
  • CLI: oboron-cli crate (ob and obz binaries)
• Python: (GitHub: ob-enc/oboron-rs/oboron-py)
  • Python bindings for core library: PyPI: oboron
  • CLI: PyPI: oboron-cli
• Go — under development

Getting Help

• GitHub Issues

License

The documentation and standards on this website are licensed under the MIT License.