HeadlinesBriefing favicon HeadlinesBriefing.com

croc CLI File Transfer Tool Adds PAKE Encryption

Hacker News •
×

croc is a command-line file-transfer utility that connects any two computers through a relay without requiring port-forwarding or a local server. It distinguishes itself by implementing PAKE (password-authenticated key agreement) for end-to-end encryption, generating a shared secret from a human-readable code phrase exchanged between sender and receiver. The tool supports Windows, Linux, and macOS, handles interrupted transfers with resume capability, and defaults to IPv6 with IPv4 fallback.

Installation spans every major package manager — Homebrew, Scoop, Chocolatey, Winget, Nix, apt, dnf, pacman, and conda-forge — plus Docker, Android via F-Droid, and building from source with Go 1.22+. Basic usage runs `croc send [file]` to produce a code phrase, then `croc [code-phrase]` on the receiving end. Advanced flags enable custom code phrases, `--exclude` patterns for folders like node_modules, piping via stdin/stdout, QR codes for mobile, SOCKS5 proxy (including Tor), and selectable elliptic curves (p521) or hash algorithms (imohash).

For teams avoiding public relays, croc supports a self-hosted relay via Docker on ports 9009–9013 with optional password protection and custom port ranges. Quiet mode suppresses output for automation, while extended clipboard copies the full environment-variable command for Linux/macOS where process names might leak secrets.

The relay architecture eliminates NAT traversal headaches that plague direct peer-to-peer tools, and PAKE removes the need to pre-share keys or manage certificates. For developers moving files between air-gapped machines, CI runners, or containers across clouds, croc reduces a multi-step scp/rsync/VPN workflow to a single command pair.