hackeralert / picocrypt

A very small, very simple, yet very secure encryption tool.

License: GNU General Public License v3.0

Go 100.00%
argon2 blake2b cryptography encryption file-encryption golang password portable privacy privacy-tools reed-solomon security security-tools serpent sha3 xchacha20

picocrypt's Issues

Having ".pcv" anywhere in the file path/name breaks the application when encrypting.

If the string ".pcv" exists in the file name (for example: test.pcv.test.txt), the application silently fails to properly select the chosen file with no error message. If ".pcv" is in the path instead (for example: /home/user/test.pcv/testing.txt), the file can be selected, but the application throws an "unknown error" when the Start button is clicked.

Using simple file extension checks to determine whether to encrypt or decrypt works in a lot of cases, but is a bit fragile. A more robust method might be to silently include some non-encrypted metadata in any encrypted file, something the application can look for when a file is selected, that will tell Picocrypt if it's a compatible, encrypted file. Doing that would break the ability to encrypt a file twice... but I'm not sure how many people would need to do that. :)
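The difference between matching ".pcv" anywhere in a path, matching only the final extension, and checking for a plaintext marker at the start of the file, as the report suggests, is shown in this added example (not Picocrypt's code). The substring check is an assumption about what would produce the reported behaviour, and `volumeMagic` and all function names are hypothetical.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"path/filepath"
	"strings"
)

// volumeMagic is a hypothetical plaintext marker for this demo only;
// it is not Picocrypt's real header format.
var volumeMagic = []byte("PCVDEMO1")

// fragileIsVolume matches ".pcv" anywhere in the path, so directory names
// and inner parts of a file name are misread as "this is a volume".
func fragileIsVolume(path string) bool {
	return strings.Contains(path, ".pcv")
}

// suffixIsVolume looks only at the final extension of the final path element.
func suffixIsVolume(path string) bool {
	return strings.EqualFold(filepath.Ext(path), ".pcv")
}

// sniffVolume ignores the name and checks the leading bytes for the marker.
// Input shorter than the marker is reported as "not a volume", not an error.
func sniffVolume(r io.Reader) (bool, error) {
	head := make([]byte, len(volumeMagic))
	_, err := io.ReadFull(r, head)
	if err == io.EOF || err == io.ErrUnexpectedEOF {
		return false, nil
	}
	if err != nil {
		return false, err
	}
	return bytes.Equal(head, volumeMagic), nil
}

func main() {
	// Constructed sample paths; the first two are the report's own examples.
	paths := []string{
		"test.pcv.test.txt",
		"/home/user/test.pcv/testing.txt",
		"EncryptedFolder123.zip.pcv",
	}
	for _, p := range paths {
		fmt.Printf("%-34s substring=%-5v suffix=%v\n",
			p, fragileIsVolume(p), suffixIsVolume(p))
	}
	// Constructed file contents: marker followed by opaque bytes.
	ok, _ := sniffVolume(strings.NewReader("PCVDEMO1" + "opaque-bytes"))
	fmt.Println("marker present:", ok)
}
```
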

Removed SECURITY.md file

In the unlikely scenario that a security vulnerability is discovered, please draft a security advisory in the Security tab of this repository and I will fix it as soon as possible.

Only people with admin permissions can draft security advisories, which is why there should be a separate SECURITY.md file.

Official Flatpak either along with or a replacement for snap

Having an official Flatpak would be better than having a snap package.

Flatpaks work everywhere. Snaps only work on distros with systemd and app images require glibc.

Secondly, snaps don't really provide better security than Flatpaks. Many security researchers who have criticized Flatpaks have also criticized snaps. At least Flatpak has put effort into fixing these issues.

https://theevilskeleton.gitlab.io/2021/02/11/response-to-flatkill-org.html

Flatpak still has issues, but they are constantly improving and are much better at being a universal package manager than snap.

Feature Request : File & Folder Names Obfuscation

Would it be possible to implement this feature to (optionally) hide the names of the encrypted file(s) and folder(s) ?

In some cases those names may contain valuable information on the files and folders contents that one would prefer to keep private / concealed / protected from outside view.

To further clarify this request, it is probably easiest to refer to a similar feature that worked quite well in the GUI version of Kryptor (now defunct in the latest CLI only version), as described on the following page :

https://www.kryptor.co.uk/technical-details (See : "File name obfuscation")

To check or test this, you can download the last (portable) GUI version of that software there :

https://github.com/samuel-lucas6/Kryptor/releases/tag/v2.2.2

Thanks for all the hard work already done on Picocrypt !
It is well on its way to becoming a must have security tool.

Blake3 instead of Blake2b

You are currently using Blake2b in fast mode, but why not its successor, Blake3?
It is much faster than Blake2b, but at least as secure as SHA3. (See their comparison chart at their GitHub page.)

Translation Issue

If you turn the page to a language other than English, go to the shredder tab, turn it back to English, and go back to the shredder tab, the last line on the bottom that says "Ready." in English will still be in the language it was set to.

Also, every language except for Spanish has a "." after its equivalent of "Ready."

[macOS] Download via AppStore

It would be awesome if this program can be downloaded at Apple AppStore so it can be used with „AppStore only“ setups.

Automatically add encrypted file when .pcv file is opened with Picocrypt

I'm currently testing Picocrypt because I like the idea and functionality behind this lightweight tool. I believe my rather "non-techy" perspective can be of value (in terms of expectations and workflow).

This is a small one that would make working with Picocrypt a little easier.

Usecase / Expectation

Windows lets users define programs to open files with specific file types/extensions. I've set Picocrypt to open .pcv files. My expectation when opening e.g. EncryptedFolder123.zip.pcv with Picocrypt is Picocrypt to open with most things prefilled and without the need to again select the file I want to decrypt.

What actually happens

Double-clicking EncryptedFolder123.zip.pcv does open Picocrypt – that's it. It's the same as double-clicking the Picocrypt.exe. I still have to drag & drop EncryptedFolder123.zip.pcv into that newly opened window.

Environment

  • Windows 10, 64bit
  • Version 1.17 stable

Selecting all checksum boxes by default

Maybe it's because I'm still on 1.17, but when dragging a file into the checksum generator, it would be much easier if all of the boxes were checked by default. Otherwise, it's just a hassle when I drop a file in and none of the boxes are checked, which means I have to check the ones I want and then find the file again.

pcv file comments get cut off

When making an encrypted file, the option to put a comment (read-only) can be written without a length limit, but when you drag the pcv file to the Picocrypt window, it gets cut off.
For example, the comment "this message is going to be cut off because of the window" will only be readable to "~of the w".
I'm on Windows, Picocrypt version 1.26.

More transparency

I noticed Picocrypt tries to connect to the internet. It would be helpful to put this in the documentation and the reasons why.

Webinterface for this tool?

I don't really know where to put a feature request so I will just post it here. What about a web interface for the tool? That way it would not even require to be installed and would even work on Android. Of course there are some security flaws with this design (especially since the encryption would have to happen on a potentially compromised server) but it would still be nice to have over LAN.

Update the executable icon with high-definition ones

Support at least 256x256 size for the .ico file, which is today's standard.
Preferably under PNG container for better quality.
Also provide lower sizes for ensuring compatibility.
Sample Icon group size chart:
16x16
32x32
48x48
64x64
96x96
128x128
256x256

AUR package for Arch or AppImage

I have tried installing with snap on Arch Linux but it does not work. It would be interesting to have an Arch package or an AppImage.

Decrypting to C:\Program Files\ does nothing → confusion (admin permission)

I'm currently testing Picocrypt because I like the idea and functionality behind this lightweight tool. I believe my rather "non-techy" perspective can be of value (in terms of expectations and workflow).

Environment

  • Windows 10, 64bit
  • Version 1.17 stable

Description of the issue

Decrypting a .pcv file located at C:\Program Files\Picocrypt to the same destination (probably anywhere in C:\Program Files\) does nothing if Picocrypt.exe isn't running with administrator permission.

This is not a bug, rather a Windows security feature. The user (not knowing this) might be confused because nothing happened; especially after getting the green Completed. message.

Possible solution

Is it possible to show a hint or even prompt the user to grant administrator permission when decrypting to a "protected" destination?

Random filename

Can you add encrypted filenames as well or at least the optionality for random filename?

Doesn't start on Windows

If I try starting Picocrypt.exe (Version 1.11), I get this window:

So, the exe is just a .vbs file?

Feature Request: Command Line Support

I'm really liking this project and would like to switch over from 7zip to this for creating encrypted backups of our company data. I currently have an autohotkey script that generates a password and then creates an encrypted 7z file using the command line interface. Are there any plans of bringing this kind of functionality to Picocrypt in the future?

Thanks for the great work!

Add a Password Generator

A button on the right side of the password entry area named "generate" would be pretty useful.
Ideally I would suggest implementing Bitwarden's generator.
And some optional checkboxes like "copy the generated password to the clipboard" or "remove the password from the clipboard after x time passed" or "save the generated password to a text file where the encrypted files will be located".

Picocrypt doesn't start

Hello, in Xubuntu 20.04 Picocrypt shows an error:

$ picocrypt
panic: failed to create window: VersionUnavailable: GLX: Failed to create context: GLXBadFBConfig

goroutine 1 [running, locked to thread]:
github.com/HACKERALERT/giu.NewMasterWindow({0x8b4d1d, 0x9}, 0x13e, 0x1df, 0xa0?)
	/root/go/pkg/mod/github.com/!h!a!c!k!e!r!a!l!e!r!t/[email protected]/MasterWindow.go:73 +0x626
main.main()
	/root/parts/picocrypt/build/Picocrypt.go:1719 +0x38

As I understand it, the problem is with the OpenGL version.
How can I correct it?
Thanks!

Cannot decrypt file on macOS

I have release 1.27 of Picocrypt installed on an Intel Mac with Monterey 12.3.1. After encrypting a folder, I am unable to decrypt it and receive an error message: The document “test-folder_secure.zip.pcv” could not be opened. Picocrypt cannot open files of this type.

The gif below shows the process:

Let me know if you need more information—I'm happy to help!

Potential data races for variables used by UI elements

On inspection I see a handful of potential data races. There are many cases where UI elements modify something in memory that may be simultaneously used by I/O related code (and vice versa).

For example stopShredding https://github.com/HACKERALERT/Picocrypt/blob/main/src/Picocrypt.go#L219 is bound to a UI action https://github.com/HACKERALERT/Picocrypt/blob/main/src/Picocrypt.go#L912 which will write to stopShredding in a different context than where it's consumed https://github.com/HACKERALERT/Picocrypt/blob/main/src/Picocrypt.go#L2174

Seems like most of the shredding related variables have this issue.
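The pattern this report describes, a stop flag written from a UI callback and read inside an I/O loop, can be made race-free with an atomic flag, as in this added example (not Picocrypt's code). `stopFlag`, `shredChunks` and `runCancelled` are hypothetical names, and the chunk loop is a stand-in for real file overwriting; building with `go run -race` is how a plain `bool` in the same role would be reported by Go's race detector.

```go
package main

import (
	"fmt"
	"sync/atomic"
)

// stopFlag replaces a plain bool shared between the UI and the worker.
// All reads and writes go through sync/atomic, so they are never a data race.
type stopFlag struct{ v uint32 }

func (f *stopFlag) Set()        { atomic.StoreUint32(&f.v, 1) }
func (f *stopFlag) IsSet() bool { return atomic.LoadUint32(&f.v) == 1 }

// shredChunks stands in for the I/O loop. It checks the flag before each
// chunk and returns how many chunks were processed before a stop was seen.
func shredChunks(total int, stop *stopFlag, afterChunk func(i int)) int {
	done := 0
	for i := 0; i < total; i++ {
		if stop.IsSet() {
			break
		}
		// Real code would overwrite chunk i of the file here.
		done++
		if afterChunk != nil {
			afterChunk(i)
		}
	}
	return done
}

// runCancelled simulates a "Cancel" click arriving from a separate UI
// goroutine right after chunk `at` has been processed.
// The click/ack channels exist only to make this demo deterministic; in a
// real program there is no such handshake, which is why the flag itself
// must be atomic.
func runCancelled(total, at int) int {
	var stop stopFlag
	click := make(chan struct{})
	ack := make(chan struct{})
	go func() { // UI goroutine: the only writer of the flag
		<-click
		stop.Set()
		close(ack)
	}()
	return shredChunks(total, &stop, func(i int) {
		if i == at {
			close(click)
			<-ack
		}
	})
}

func main() {
	fmt.Println("chunks processed before stop:", runCancelled(10, 2))
	fmt.Println("chunks processed without stop:", shredChunks(4, &stopFlag{}, nil))
}
```
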

Windows Version - Does not Open

Hello there,
I am using a 32-bit desktop computer with Windows 8.1 and I tried 7 releases of Picocrypt, but some of them are not even compatible with my PC and the rest do not even open. I tried the installer version as well and it is successfully installed but does not open at all, no responses.

Is there any solution for this?
And would you mind telling me the required system for this software to work?
Mine is 32bit - Ram 2GB - CPU 2.5 Ghz & Windows 8.1

Virustotal hits

The exe gets 5 hits on virustotal. It would be useful to try to fix this.

Feature request: Watch input folder for new files and encrypt any added files

I'd like to have a folder that I can throw files in, and they'll automatically get encrypted and moved to an output folder.

My use-case for this is encrypting text files with my 2FA backup codes, and then storing them in my nextcloud instance. I'd love if this could work using a public/private key implementation, but wouldn't mind if it popped up to ask for a password either.

Extremely slow decrypt ?

Hello,

I was trying out Picocrypt, so I took a folder (2.3GB) and encrypted it with Picocrypt. I used the Reed Solomon feature since my goal is long term cloud storage.
Encryption was kinda slow, but I suppose that's normal considering that the tooltip on Reed-Solomon warns you (slow).
Anyway, this is not an issue, it took about 10min to encrypt which is fine for me.

However, when I tried to decrypt said file (2.6GB after encryption with RS) it was very very very slow. The ETA was of 5 hours!

What's going on here? I don't think this behavior is normal/working as intended.

Some info about me:

OS: Windows 10 Home 21H2 Build 19044.1586
CPU Intel(R) Core(TM) i5-1035G1 CPU @ 1.00GHz 1.19 GHz
RAM 8,00 GB
Picocrypt version 1.25

Even if in the screenshot you see the force decrypt option ticked, I first tried with the simple decrypt, but it was slow in the same way.
So, before opening this, I tried with the "force decrypt" option ticked, hoping it would speed things up.
However, no success.

[Not a Bug] FAQ (Work in progress)

Frequently Asked Questions

You may have some questions about how Picocrypt works, what you can do with it, or why it doesn't work. Most of your questions will probably be answered here, so read on!

To do
"Can I use Pico for my cloud-stored files?"
"Why is there a paranoid mode, is Pico not safe enough?"
"Does my password strength matter?"
"Can I use Pico on older devices?"

General

Will Android/iOS be supported?
No, I won't support Android or iOS because they are very different from desktop operating systems and require a lot of work to compile for. The native language for Android apps is Java and the native language for Apple is Swift, however, Picocrypt is written in Go. While Go does have some Android support, the underlying GUI library used by Picocrypt doesn't support Android. Fortunately, since Picocrypt is open source, there may be a community-based Android port in the future, which I would be happy to merge in and maintain. For iOS, it is much more difficult because Apple has deprecated OpenGL from iOS and macOS to push their own proprietary Metal framework. Picocrypt requires OpenGL to run, and if Apple doesn't support the widely-adopted standard, it is impossible to have an iOS app (shame on you, Apple).

Why does my antivirus think Picocrypt is a virus?
Unfortunately, due to the nature of Picocrypt, it can look like a virus to antiviruses. Picocrypt contains code for encryption, which is seen in ransomware, and also contains code to delete files (the "Delete files" feature), which also is seen in ransomware. So to an antivirus, Picocrypt can look malicious, however, it is not, so please submit it as a false positive to help out everyone.

What file types can I encrypt?
You can encrypt any types of files with Picocrypt, there is no limitation.

Can I decrypt my files outside of Picocrypt?
No, you will need to use Picocrypt to decrypt any files encrypted with Picocrypt. This is because Picocrypt uses its own header format.

Can I change the extension of a Picocrypt volume?
No, please don't do that. Picocrypt volumes will typically look something like name.extension.pcv and when decrypting, uses the name.extension as the output. If you remove the extension and rename your volume to name.pcv, then Picocrypt doesn't know what the original extension is and will decrypt to name with no extension. So make sure you don't do that.

I want to help translate, how should I start?
Click here, which will lead you to the homepage document. To translate, simply copy everything into a text editor and replace all English strings with their equivalent in your language. When you're done translating, fork this repo and create a new file under translations and put your translated file there. Then, send a PR. If you don't know how to do that, feel free to just send me the document and I will take it from there.

Features

Will Picocrypt accept new features?
No, Picocrypt is considered feature-complete and won't be getting any new features. Unlike some other tools which try to constantly add new features and introduce new bugs and security holes, Picocrypt focuses on just a few features but doing each of them exceptionally well.

Does Reed-Solomon affect the speed of encryption/decryption?
It will only slow down your encryption speed under normal circumstances. If you decrypt a Reed-Solomon-encoded volume, it will decrypt at normal speed as long as there isn't any corruption. If there is corruption, however, Picocrypt will slow down significantly to rebuild the lost data. It will be slow, but remember, it's better to have your data back intact than not have it at all.

Windows

Picocrypt won't start. What should I do?
First, try using Picocrypt-NoGL.exe instead of the standard Picocrypt.exe. The standard Picocrypt.exe uses hardware-accelerated OpenGL for drawing the UI, but on systems that don't have OpenGL support, Picocrypt-NoGL.exe will use Mesa3D's software renderer instead.

macOS

I can't open Picocrypt because it's from an unverified developer!
Right click on Picocrypt.app and hit "Open". macOS will still not allow you to run Picocrypt, so right click on Picocrypt.app again and hit "Open", and you should get the option to run Picocrypt.

Linux

Should I use the .deb or AppImage?
I generally recommend the .deb over the AppImage and Snapcraft because it is the most "native" and will run with the best performance, reliability, and consistency. There are situations, however, where the AppImage may be appealing, such as a live operating system like "Tails", or on a non-Debian based distro like Fedora or Arch. The Snap is provided as a fallback if you are unable to install the .deb or run the AppImage, and should be avoided when possible.

Can I use Pico on live disk environments?
Yes, Picocrypt fully supports any Debian-based live distro such as Tails.

Nuitka / Numba ?

Hi,

thanks for awesome app! Still performance, unfortunately, is not the best... And you explain why.

Looks like Nuitka has significant performance gain vs CPython which in theory could add some extra speed:

https://speedcenter.nuitka.net

There are more related projects, e.g. Numba looks promising: https://numba.pydata.org

Would be glad to learn your opinion!

Cheers

Add Localization Support

Not just for the graphical user interface but also for encoding/character set. As you may see in the screenshot below, some letters (Turkish ones in my case) become question marks.
Also, I want to contribute as a translator, so I am waiting for it.

Use "Telemetry" or similar wording instead of "Phones home" in comparison chart

I believe this would make things much more straightforward (and also there's not really an expression for this in Hungarian). Since telemetry is not necessarily a bad thing in IT and phoning home is a term that suggests slight malice and undesired effects, there might be a better alternative for "Telemetry", though I still believe this is the most suitable, straightforward and simple word for this.

Folder support

With #4 a context menu via right click can provide such a feature.

Add .zip to filename when custom output location is chosen

I'm currently testing Picocrypt because I like the idea and functionality behind this lightweight tool. I believe my rather "non-techy" perspective can be of value (in terms of expectations and workflow).

Usecase

As a user I want to choose a custom output (~ save to) location for my decrypted folder. This option is available; but:

Possible issue

I navigate to my desired location and define a file name without adding an extension. The file type drop-down menu is empty. I just leave it that way (especially because I can't select anything anyways). This results in a decrypted file without a file type that is somewhat unusable for a non-techy user. Solution: I should have added .zip to my filename.

So far I've only tested this with a folder (→ .zip). Doing this with a single file might lead to a similar experience.

Possible solution

Force add the correct file extension or provide an exemplary file name (e.g. based on encrypted file name) in the explorer window including the correct file extension instead of leaving it empty.

Environment

  • Windows 10, 64bit
  • Version 1.17 stable

Picocrypt 1.11 Broken .app file

Not sure if you're aware of this or not, but Picocrypt 1.11's download features a broken .app file.

1.10 works fine, however.

XChaCha20 Rationale

Hi,

This is an interesting project, I understand the need for it. But I'd like to know why XChaCha20 was chosen over AES. I'm as much of a Bernstein fan as the next person, but I see almost no fair reason for this - particularly given Picocrypt has at least some performance concerns (i.e., fast mode) and AES' ubiquity in hardware implementations. There's no question XChaCha20 is significantly slower than AES, and likely incurs a greater performance penalty over large amounts of data than using SHA3 over Blake2b.

Thanks.

Windows Installer version (fix 7-Zip dependency)

Providing an installer for Windows solves the following problem:

The portable .exe can be detected as a virus, because it uses 7-Zip's self-extracting archive format to bundle Python along with Picocrypt.

The Password checker is wrong

Idk how it's called, but when setting a password for the file, it says that "password1." is strong (green bar) and "password1" is medium strong (orange bar).

You could solve this by implementing "zxcvbn".

Thanks
