$ nncp-cfgenc [options] [-s INT] [-t INT] [-p INT] cfg.hjson > cfg.hjson.eblob
$ nncp-cfgenc [options] -d cfg.hjson.eblob > cfg.hjson

This command allows you to encrypt provided cfg.hjson file with the passphrase, producing eblob, to safely keep your configuration file with private keys. This utility was written for users who do not want (or can not) to use either GnuPG or similar tools. That eblob file can be used directly in -cfg option of nearly all commands.

-s, -t, -p are used to tune eblob’s password strengthening function. Space memory cost (-s), specified in number of BLAKE2b-256 blocks (32 bytes), tells how many memory must be used for hashing – bigger values are better, but slower. Time cost (-t) tells how many rounds/iterations must be performed – bigger is better, but slower. Number of parallel jobs (-p) tells how many computation processes will be run: this is the same as running that number of independent hashers and then joining their result together.

When invoked for encryption, passphrase is entered manually twice. When invoked for decryption (-d option), it is asked once and exits if passphrase can not decrypt eblob.

-dump options parses eblob and prints parameters used during its creation. For example:

$ nncp-cfgenc -dump /usr/local/etc/nncp.hjson.eblob
Strengthening function: Balloon with BLAKE2b-256
Memory space cost: 1048576 bytes
Number of rounds: 16
Number of parallel jobs: 2
Blob size: 2494