Simple cross-platform drag-and-drop gui and cli file encryption.
Latest Windows x64 release is here.
Exemples :
You can choose algorithm encryption with:
-a aesgcm for aes256Gcm
-a chacha for XChacha20Poly1305
-a aesgcmsiv for aes256GcmSiv.
If not specified, cryptyrust use XChacha20Poly1305. Decryption automatically detect the good algorithm and ignore -a if présent.
If no output file is specified with -o, Cryptyrust generate an incremental unique file name with .crypty extension.
# encrypt the file test.mp4 with password 12345678 and décrypt it:
./cryptyrust_cli -e test.mp4 -p 12345678
./cryptyrust_cli -d test.mp4.crypty -p 12345678
# encrypt the file test.mp4 with password 12345678 and show the hash of the output file, and décrypt it:
./cryptyrust_cli -e test.mp4 -p 12345678 --hash
./cryptyrust_cli -d test.mp4.crypty -p 12345678 --hash
# encrypt the file test.mp4 with password 12345678, with moderate key derivation, and décrypt it:
./cryptyrust_cli -e test.mp4 -p 12345678 -s moderate
./cryptyrust_cli -d test.mp4.crypty -p 12345678
# encrypt the file test.mp4 with password 12345678 with xchacha20poly1305 and décrypt it:
./cryptyrust_cli -e test.mp4 -a chacha -p 12345678
./cryptyrust_cli -d test.mp4.crypty -p 12345678
# Or you can enter an output file name with -o flag if you want:
./cryptyrust_cli -e test.mp4 -o myEncryptedFile -p 12345678
./cryptyrust_cli -d myEncryptedFile -o myDecryptedFile -p 12345678
- Argon2 with Argon2id variant for password hash
- aes256Gcm in Stream Mode.
- aes256GcmSiv in Stream Mode.
- XChacha20Poly1305 in Stream Mode.
Password Derivation : A 32 bytes "Rawkey" is generated by Argon2 from the user password and a 16 bytes random salt to prevent brute force attack. This "Rawkey" and a random nonce is used to encrypt with the selected algorithm.
Nonce (or initialization vectors) : The nonce is randomly generated.
- For aes256Gcm and aes256GcmSiv noncelen = 8 bytes
- For XChacha20Poly1305 20 bytes
Cryptyrust encrypt in stream mode. This is why nonce len is 4 bytes shorter than usual size for given algorithm. This 4 bytes are reserved for LE counter. Nonce is incremented after all encrypted chunk.
the output file is :
- Signature (a simple signature to check if it's a Cryptyrust file. 4 bytes)
- Version (2 bytes)
- Algorithm (2 bytes)
- Argon strength (2 bytes)
- The Argon2 Salt (16 bytes)
- Padding some 0 for future usage (16 bytes)
- Nonce (8 bytes for aes, 20 for chacha)
- Padding some 0 for always have a 64 bytes header
- encrypted chunk_1 ( BUFFER_SIZE + 16 bytes Authentication tag )
- encrypted chunk_2 ( BUFFER_SIZE + 16 bytes Authentication tag )
- ....etc
You can have a look at a more detailled header format here
In the root folder run cargo build --release
Executable will be at `target/release/cryptyrust_cli'.
- Install Visual Studio Build Tools 2019
- Make sure rust use msvc. Run in command line :
rustup default stable-x86_64-pc-windows-msvc - Build rust CLI App and core project :
cargo build --release
C++ GUI require Qt5 or Qt6 and Cryptyrust core build with cargo build --release.
After building the Rust cli and core with cargo build --release, Open qtgui/CMakeLists.txt with your IDE and build it. If You use qt creator, you can open project cryptyrust.pro to build it.
# With Linux command-line, open a terminal in qtgui folder
qmake cryptyrust.pro
make# For Windows
cd qtgui
mkdir build
cd build
cmake -G "NMake Makefiles" -DCMAKE_BUILD_TYPE=Release ..
nmakeData Loss Disclaimer:
if you lose or forget your password, your data cannot be recovered !
Use a password manager or another secure form of backup.