Oboron

String in, string out symmetric encryption

Protocol Specification CLI Specification

Oboron is a string in, string out symmetric encryption protocol — the enc operation takes a plaintext string and returns an obtext string; dec reverses it. Encryption and encoding are combined into one seamless process across all language implementations.

Specifications

Document	Description
spec.html	Protocol specification: formats, algorithms, key management, properties, API
cli.html	CLI specification: `ob` and `obz` command-line interface

Features

String in, string out — enc and dec are the only operations you need; no manual encoding/decoding steps
Consistent scheme naming — cryptographic primitives named by tier + property + algorithm (e.g., aasv = Authenticated + Avalanche + SiV), making cryptographic choices accessible without deep expertise
Unified key management — a single 512-bit master key works across all schemes with deterministic subkey extraction; no manual key decoding from environment variables
Prefix-focused entropy — high initial entropy enables Git-like referenceable short prefixes
Cross-language interoperability — all implementations produce identical outputs for the same inputs
Performance optimized — often faster than JWT for both encoding and decoding

Quick Start

Generate your 512-bit key (86 base64 characters):

Rust:

cargo run --bin keygen

or in your code:

let key = oboron::generate_key();

Python:

python -m oboron.keygen

or in your code:

key = oboron.generate_key()

Save the key as an environment variable, then use AasvC32 (a secure scheme, 256-bit encrypted with AES-SIV, encoded using Crockford's base32 variant) for enc/dec:

Rust:

use oboron::AasvC32;

let key = env::var("OBORON_KEY")?;
let ob = AasvC32::new(&key)?;

let ot = ob.enc("hello, world")?;
let pt2 = ob.dec(&ot)?;

println!("obtext: {}", ot);
// "obtext: cbv74r1m7a7cf8n6gzdy..."

assert_eq!(pt2, "hello, world");

Python:

import os
from oboron import AasvC32

key = os.getenv("OBORON_KEY")
ob = AasvC32(key)

ot = ob.enc("hello, world")
pt2 = ob.dec(ot)

print(f"obtext: {ot}")
# "obtext: cbv74r1m7a7cf8n6gzdy..."

assert pt2 == "hello, world"

All implementations produce identical obtext for the same key and plaintext, demonstrating cross-language interoperability.

Why a CLI Specification?

cli.html specifies a standardized CLI interface that every conforming Oboron implementation must provide. This is not just for ergonomics — it enables a cross-language conformance testing suite: a single test harness can run the same test vectors against any implementation (Rust, Python, Go, etc.) through a shared CLI contract, verifying that each implementation produces identical outputs. This means cross-language interoperability is continuously verified, not just assumed.

Applications

Oboron's combination of properties — particularly prefix entropy, compactness, and deterministic injectivity — enables specialized use cases beyond general-purpose encryption:

Git-like short IDs — high-entropy prefixes for unique references
URL-friendly state tokens — encrypt web application state into compact URLs
No-lookup captcha systems — server issues encrypted challenge, verifies without database lookup
Database ID obfuscation — hide sequential IDs while maintaining reversibility
Compact authentication tokens — efficient alternative to JWT for simple use cases

Comparison with Alternatives

Use Case	Traditional Solution	Oboron Approach
Short unique IDs	UUIDv4 (36 chars)	`ob:aasv.c32` (34-47 chars, reversible)
URL parameters	JWT (150+ chars)	`ob:aasv.b64` (4.5x smaller, 4x faster)
Database ID masking	Hashids (not secure)	Proper encryption

Implementations

Rust — reference implementation (oboron crate)
- CLI: oboron-cli (ob and obz binaries)
Python — ob-enc/oboron-rs/oboron-py
Go — under development

Getting Help

GitHub Issues

License

Licensed under the MIT license.

MIT License · https://oboron.org/