CryptKVS — Encrypted Key-Value Store in C

Client-side-encrypted key-value store in C with both local-file and HTTP-server modes. HMAC-SHA256 password hardening, per-entry random salt. The server cannot decrypt.

C · cryptography · systems · OpenSSL

What this is

Encrypted key-value store written from scratch in C. Two backends: a local file and a libmongoose HTTP server. The design is based on Signal’s “secure value recovery”: the server stores ciphertexts and per-entry salts but never sees plaintext.

How it works

The crypto:

Nine C modules: CLI dispatcher, client commands, local backend, RPC client, libmongoose HTTP server, crypto, IO, utilities, errors. One binary cryptkvs works against either a local file or a remote server. Built with AddressSanitizer and strict warnings. Per-week unit tests plus end-to-end tests.

CS-212 Programmation Système at EPFL.