A small Rust program designed to encrypt and decrypt files securely using Advanced Encryption Standard-Galois/Counter Mode, or AES-GCM, with a 256-bit key produced by scrypt key derivation function (KDF).

You can use this tool for various purposes, though here are some examples:

• Secure File Transfer: Encrypt sensitive files before transferring them over insecure channels, such as email or USB drives. (Similar to how data transfer over the internet)

• Data Backup: Enhance the security of backup files by encrypting them before storing them in cloud storage or external hard drives.

• Software Configuration/Environment Variables: Need to share those secrets? Encrypt them then commit to version control. Contributors can decrypt the files locally on their machine.

cargo install --path .

By default, all output will simply be written to standard output. I wanted a solution that offers flexibility for scripting, see examples.

To encrypt a file, first a key must be generated. For example, we are using the entire text of Frankenstein in a text file as the cryptographic key, though this may be done with different file types, since it's all 1's and 0's for computers anyway.

file-encryptor keygen < frankenstein.txt > secret.key

You can also pass in the option -p (or --password) to generate key from a certain passphrase.

file-encryptor keygen -p "this is my password" > secret.key

• NOTE: The AES256 key, which consists of 32 bytes, is produced with the following configuration as parameters for KDF scrypt:
  • $log_2N = 16$
  • $R = 8$
  • $P = 2$

To seal (encrypt) a file, say foo.txt:

file-encryptor seal foo.txt < secret.key > foo_ciphered

With additional authenticated data:

file-encryptor seal foo.txt -a "[email protected]" < secret.key > foo_ciphered

To open the foo_ciphered file:

file-encryptor open foo.txt < secret.key > foo-plaintext.txt

And if additional authenticated data was used:

file-encryptor open foo.txt -a "[email protected]" < secret.key > foo-plaintext.txt

file-encryptor --help
A small Rust program to deal with file encryption

Usage: file-encryptor [OPTIONS] <COMMAND>

Commands:
  keygen  generate a key, from pure random bytes, or from an input password
  open    open an encrypted file
  seal    seal a plaintext file
  help    Print this message or the help of the given subcommand(s)

Options:
  -h, --help  Print help