Core Features

Sietch is engineered for resilience in the harshest conditions—where internet is unreliable, censorship is real, and survival depends on controlling your own data.
These are the capabilities that make it possible.

Key Capabilities

AES-256/GPG Encryption

Files are split into chunks and encrypted using strong symmetric or asymmetric keys, ensuring only trusted parties can access them.

Offline Sync

Sync data directly over TCP, LibP2P, or even sneakernet, without relying on internet or centralized services.

Gossip Discovery

Auto-discover peers in local networks using a lightweight gossip protocol—no complicated setup required.

CLI-First UX

Fast, efficient, and scriptable command-line interface built for minimal environments and professional automation.

Detailed Feature Breakdown

🔒 Strong Encryption

Sietch offers configurable encryption built for real-world security:

AES-256-GCM: Fast, authenticated symmetric encryption with passphrase protection.
GPG-Compatible: Public/private key encryption for secure multi-peer collaboration.
Chunked encryption: Each file segment is independently encrypted for granular security.
Key management: Local-only, secure key storage with optional passphrases.

All encryption happens locally—your keys and plaintext data never leave your machine.

# Create a vault secured with AES-256
sietch init --name secure-vault --key-type aes --passphrase

📡 Offline Sync Capabilities

Designed for environments where the cloud is not an option:

Rsync-style delta transfer: Only changed chunks are moved, saving time and bandwidth.
Multiple transports: Connect over TCP, LibP2P, or physical media (USB drives, SD cards).
Resumable syncing: Interrupted transfers pick up where they left off.
Encrypted transport: Chunks are always encrypted, even in transit.

You can sync directly between devices on a LAN—no internet required.

# Sync your vault with a peer on your local network
sietch sync --peer 192.168.1.42

🧭 Gossip Discovery Protocol

Finding peers shouldn’t require setting up infrastructure:

LAN auto-discovery: Vaults find each other automatically over local networks.
Manual peering: Specify trusted peer addresses when needed.
Zero-config startup: Works instantly in trusted environments.
Future enhancements: Planned support for QR code sharing and manual peer bootstrapping.

Gossip discovery is for trusted networks.

⚙️ CLI-First, Scriptable Design

Every aspect of Sietch is designed to be fast, clear, and automation-friendly:

Minimal dependencies: Runs on almost any system with very little overhead.
Scriptable workflows: Easily integrated into custom scripts and automation pipelines.
Clear, parseable output: Designed for both human users and programmatic consumption.
Non-interactive mode: Fully functional in headless or unattended environments.

# Add a file to your vault
sietch add ./secrets/thumper-plans.pdf /docs/

# Sync your vault with a trusted peer
sietch sync --peer 192.168.1.42

🛡️ Security-Focused Architecture

Sietch’s defenses are designed against real-world threats:

Attack Vector	Mitigation Strategy
Eavesdropping	End-to-end encrypted chunks
Man-in-the-middle	Transport encryption via LibP2P TLS
Unauthorized access	Cryptographic content verification
Chunk tampering	Merkle tree verification for integrity checks
Replay attacks	Transport secured with nonces and timestamps

Next Steps:
Learn about the architecture behind Sietch in How It Works, or jump directly to Installation to get started!

Edit this page on GitHub

IntroductionMotivation

IntroductionHow It Works