StackExchange / blackbox

Safely store secrets in Git/Mercurial/Subversion

I would like a parallelized decrypt_all and shred_all

jose-bonilla opened this issue

Is this possible and within the scope of what Blackbox is trying to solve? I'd like to take a whack at it if that's alright.

Sure!

Look at the git history to see an earlier attempt. It only worked in some OSs. You might want to leave the old code in and use the parallel version for OSs that are tested.

FYI: I'm rewriting blackbox in Go. See the Golang branch. I could use help making the shred command parallel.

I've done a little bit of work in golang at my current job, but I am not anywhere near proficient. I'd love to get my hands a little dirty in that.

The go code is pretty stable, but there are a bunch of little things to clean up that I'm working on before I announce it. There's also no packaging. Certainly all the shred and decrypt stuff is stable.

I'd gladly accept the changes to either branch. I guess it depends on if you want to work on something that is going away in 2-3 months, or something that won't be ready for everyone to use for 2-3 months :-). (I'm using the new golang version for all my personal projects. No problems so far!)

My apologies for resurrecting an old thread, but is there a current working version of blackbox with a parallelized decrypt_all?

No

Not to be a downer but... I would reject PRs to add that to the bash version of Blackbox. The bash version is brittle enough without adding such complexity. The go version is abandoned (unless @jose-bonilla picks it up).

No worries, thank you for the reply! Are you aware of any more basic solutions to the problem of long blackbox decrypt_all's?

My recommendation is to keep secrets in Conjur, AWS KMS, Azure Key Vault or GCP KMS. Then use Blackbox for encrypting the API keys that let you access that system. Now you are simply encrypting one tiny file.