Introduction
Military-grade encrypted decentralized storage with three encryption algorithms via simple CLI commands.
MothrBox is a unified encrypted decentralized storage system that combines military-grade encryption with Walrus Protocol's decentralized storage. Encrypt your data locally, store it across a distributed network, and retrieve it securelyβall through simple CLI commands.
MothrBox encrypts your data before it leaves your machine, ensuring true end-to-end security. Choose from three battle-tested encryption algorithms depending on your use case.
Three Encryption Algorithms
π AES-256-GCM (Default)
Best for: General purpose, compliance, large files
./mothrbox encrypt confidential.pdf "SecurePassword2024"
./mothrbox decrypt <blob-id> recovered.pdf "SecurePassword2024"
Features:
- Hardware-accelerated on Intel/AMD (AES-NI)
- Industry standard (Signal, WhatsApp, 1Password)
- NIST approved, FIPS 140-2 compliant
- PBKDF2 key derivation (600,000 iterations)
β‘ ChaCha20-Poly1305
Best for: Mobile devices, ARM processors, IoT
./mothrbox chacha-encrypt video.mp4 "MobilePass123"
./mothrbox chacha-decrypt <blob-id> video.mp4 "MobilePass123"
Features:
- Faster on mobile/ARM without hardware acceleration
- Used in WireGuard, TLS 1.3
- Constant-time implementation (timing attack resistant)
- Mobile and IoT optimized
π ECC (P-256)
Best for: Secure sharing without password exchange
# Generate keys once
./mothrbox keygen
# Encrypt with recipient's public key (NO PASSWORD!)
./mothrbox ecc-encrypt document.pdf recipient_public.key
# Recipient decrypts with their private key
./mothrbox ecc-decrypt <blob-id> document.pdf your_private.key
Features:
- Public key cryptographyβno password sharing needed
- NIST P-256 elliptic curve (NSA Suite B approved)
- Ephemeral ECDH (perfect forward secrecy)
- Perfect for multi-recipient scenarios
Quick Start
# 1. Clone repository
git clone https://github.com/georgegoldman/mothrbox_v2
cd mothrbox_v2
# 2. Make CLI executable
chmod +x mothrbox
# 3. Configure Sui wallet
cd mothrbox_ts
cp .env.example .env
nano .env # Add your SUI_SECRET_KEY
# 4. Build system
cd ..
./mothrbox build
# 5. Start MothrBox
./mothrbox start
# 6. Encrypt and upload
echo "Secret data" > test.txt
./mothrbox encrypt test.txt "MyPassword123"
# Output: π¦ Blob ID: abc123xyz...
# 7. Download and decrypt
./mothrbox decrypt abc123xyz... recovered.txt "MyPassword123"
Algorithm Comparison
| Feature | AES-256-GCM | ChaCha20-Poly1305 | ECC P-256 |
|---|---|---|---|
| Speed | Very Fast (HW) | Fast (SW) | Moderate |
| Hardware Accel | β x86/x64 | β No | β No |
| Mobile-Friendly | Good | β Excellent | Good |
| Authentication | Password | Password | Key-based |
| Multi-Recipient | Re-encrypt each | Re-encrypt each | β Easy |
| Overhead | +28 bytes | +44 bytes | +65 bytes |
| Use Case | General purpose | Performance | Secure sharing |
Use Cases
π Enterprise & Compliance
- Legal Documents: Law firms encrypting client contracts
- Healthcare: HIPAA-compliant patient record storage
- Financial: Secure invoices, receipts, audit trails
- Corporate: Confidential reports, strategic documents
π± Mobile & IoT
- Photo Backups: Encrypted mobile photo storage
- IoT Data: Sensor data from ARM devices
- Mobile Apps: In-app encrypted document vaults
- Edge Computing: Data encryption at the edge
π€ Secure Sharing
- Multi-Recipient: Encrypt once for each recipient (ECC)
- Whistleblower Protection: Censorship-resistant document storage
- Academic Research: Verifiable dataset archival
- Collaborative Work: Share encrypted files without password exchange
π€ AI & Web3
- Model Storage: Off-chain AI model weights
- Embeddings: Vector database backups
- NFT Metadata: Token-gated content
- DApp Storage: Web3 app data layer
System Architecture
βββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β MOTHRBOX β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β β
β ββββββββββββββββββββ bash ββββββββββββββββββββ β
β β Rust Engine β ββββΊ β Deno Walrus β β
β β (Encryption) β β Client β β
β β - AES/ChaCha/ECC β β - Walrus SDK β β
β ββββββββββββββββββββ ββββββββββββββββββββ β
β β β β β β
β β β β
β File I/O RPC/JSON β
β β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β β
βΌ βΌ
Your Files Walrus Protocol
(data/) (Decentralized)
β
βΌ
Sui Blockchain
(Metadata)
Data Flow:
- Your File β Encrypt (Rust) β Bash subprocess β Deno β Walrus SDK β Decentralized Storage
- Blob ID β JSON stdout β Deno β Walrus SDK β Retrieve
- Encrypted Data β Decrypt (Rust) β Your File
CLI Examples
Example 1: Basic Encryption (AES)
# Start system
./mothrbox start
# Create a confidential file
echo "Confidential business data" > report.txt
# Encrypt and upload
./mothrbox encrypt report.txt "SecurePassword2024"
# Output: π¦ Blob ID: DcNxScTcvltoCYZwLPVC45QNFpddxjL8FmueI7I7-Ho
# Later: Download and decrypt
./mothrbox decrypt DcNxScTcvltoCYZwLPVC45QNFpddxjL8FmueI7I7-Ho recovered.txt "SecurePassword2024"
# Output: β
Saved to: data/recovered.txt
# Verify
cat data/recovered.txt
Example 2: Mobile-Optimized (ChaCha20)
# Encrypt video for mobile device
./mothrbox chacha-encrypt vacation.mp4 "MobilePass123"
# Output: π¦ Blob ID: xyz789...
# On mobile/ARM device, decrypt
./mothrbox chacha-decrypt xyz789... vacation.mp4 "MobilePass123"
Example 3: Password-Free Sharing (ECC)
# Alice generates her key pair
./mothrbox keygen
# Creates: data/private.key, data/public.key
# Bob generates his key pair
./mothrbox keygen
# Rename: data/bob_private.key, data/bob_public.key
# Alice encrypts for Bob using Bob's public key
./mothrbox ecc-encrypt contract.pdf data/bob_public.key
# Output: π¦ Blob ID: abc456...
# Alice shares blob ID publicly
# Only Bob can decrypt with his private key
./mothrbox ecc-decrypt abc456... contract.pdf data/bob_private.key
Example 4: Batch Operations
# Encrypt multiple files
for file in *.pdf; do
./mothrbox encrypt "$file" "BatchPassword2024"
done
# Automated backup script
#!/bin/bash
DATE=$(date +%Y%m%d)
tar czf backup_${DATE}.tar.gz ~/important_files/
./mothrbox encrypt backup_${DATE}.tar.gz "BackupPass2024"
rm backup_${DATE}.tar.gz
Security Best Practices
Password-Based (AES & ChaCha20)
- β Use strong passwords (20+ characters, mixed case, numbers, symbols)
- β Never reuse passwords across files
- β Use a password manager (1Password, Bitwarden)
- β Share blob IDs and passwords via separate channels
- β Store blob IDs separately from passwords
Key-Based (ECC)
- β NEVER share private keys
- β Store private keys encrypted at rest
- β Back up private keys securely (encrypted USB, hardware wallet)
- β Share public keys freely - they can't decrypt
- β Generate separate key pairs for different purposes
General
- β
Delete local unencrypted files after upload:
shred -vfz -n 10 sensitive_file.txt - β Test decryption before deleting originals
- β Use testnet for development, mainnet for production
- β Verify blob IDs before sharing
All Available Commands
# System Management
./mothrbox start # Start MothrBox system
./mothrbox stop # Stop MothrBox system
./mothrbox restart # Restart MothrBox system
./mothrbox status # Check system status
./mothrbox logs # View system logs
./mothrbox test # Run tests
./mothrbox rebuild # Rebuild system
./mothrbox clean # Clean up everything
# AES-256-GCM Commands
./mothrbox encrypt <file> <password>
./mothrbox decrypt <blob-id> <output-file> <password>
# ChaCha20-Poly1305 Commands
./mothrbox chacha-encrypt <file> <password>
./mothrbox chacha-decrypt <blob-id> <output-file> <password>
# ECC Commands
./mothrbox keygen
./mothrbox ecc-encrypt <file> <recipient-public-key>
./mothrbox ecc-decrypt <blob-id> <output-file> <private-key>
# Advanced
./mothrbox cli <command> [args...] # Direct Rust CLI access
./mothrbox help # Show all commands
System Requirements
- Operating System: Linux, macOS, Windows (WSL2)
- Docker: 20.10+
- Docker Compose: v2+
- RAM: 2GB minimum
- Sui Wallet: With testnet or mainnet tokens
- Storage: Varies by usage
Performance
| Operation | AES-256-GCM | ChaCha20-Poly1305 | ECC |
|---|---|---|---|
| Encryption | ~500 MB/s* | ~400 MB/s | ~50 MB/s |
| Decryption | ~500 MB/s* | ~400 MB/s | ~50 MB/s |
| Overhead | +28 bytes | +44 bytes | +65 bytes |
*With hardware acceleration (AES-NI)
Troubleshooting
Container Not Running
./mothrbox status
./mothrbox start
./mothrbox logs # Check for errors
Upload Failed
# Check configuration
cat mothrbox_ts/.env
# Verify SUI_SECRET_KEY is set
# Get testnet SUI: https://faucet.testnet.sui.io/
# Restart system
./mothrbox restart
Decrypt Failed
Check:
- Correct blob ID (exact match)
- Correct password (case-sensitive)
- Correct encryption method (aes vs chacha vs ecc)
# Manual download to debug
docker exec mothrbox_system bash -c "
deno run -A --env-file=mothrbox_ts/.env \
mothrbox_ts/src/walrus-cli.ts download <blob-id> /app/data/test.enc
"
ls -lh data/test.enc
Next Steps
- π CLI Reference β Complete command reference
- π Security Guide β Detailed security practices
- ποΈ Architecture β System design deep dive
- π Advanced Usage β Power user features
Community & Support
- π GitHub: georgegoldman/mothrbox_v2
- π Documentation: Full guides and API reference
- π Issues: Report bugs
- π¬ Discord: Coming soon
Why MothrBox?
"With MothrBox, you don't need to choose between speed and security β you get both."
MothrBox delivers:
- Privacy First: End-to-end encryption before data leaves your machine
- Decentralized: No single point of failure or control
- Flexible: Three algorithms for different use cases
- Developer-Friendly: Simple CLI, no complex setup
- Blockchain-Backed: Verifiable storage proofs on Sui
- Open Source: Fully auditable code
Blockquote
β οΈ Important: Always test decryption before deleting original files. Store blob IDs and passwords/keys separately. Private keys can never be recovered if lost.
MothrBox β Military-grade encryption. Decentralized storage. Simple CLI. π¦π
Built for secure, unified, censorship-resistant storage.