Filecryption

Allows encryption and decryption of files using Argon2i and XChaCha20Poly1305 in Rust.

Usage

• Clone the repo, and download the binary for your architecture or run binary.sh or cargo run. Rust needs to be installed (version >= 1.73). If you have a older version, you can try to run it using cargo run --ignore-rust-version but it is not guaranteed to work.
• The script works only from the command line.
• Enjoy 👍

Allows encryption and decryption of files using Argon2 and XChaCha20Poly1305

Usage: filecryption [OPTIONS] <ACTION> [FILE]...

Arguments:
  <ACTION>   [possible values: encrypt, decrypt, compute]
  [FILE]...  File(s)/Directories to encrypt/decrypt

Options:
  -a, --argon2 <ARGON2>      Argon parameter (default should be fit, but can be computed with -t), set exponential for argon, must be between 5 (very low - low CPU devices) and 50 (nearly impossible to compute) [default: 16]
  -f, --filename             Encrypt filename
  -p, --password <PASSWORD>  Password input
  -r, --recursive            Recursive all directories and files
  -v, --verbose              verbose mode
  -h, --help                 Print help
  -V, --version              Print version

Important

Do not try to reencrypt already encrypted files. It is clear that this program performs a real encryption and if you alter, edit encrypted files, the parameters file created or lose your password, it will be impossible to decrypt your data. You should keep a backup on a secure device. Do not attempt to change extension, filenames of files, move or delete the parameters file created. However, you can tag it as immuable : # chattr +i file (as a root)

Example :

• ./script encrypt file.txt to encrypt file.txt
• ./script decrypt file.txt to decrypt file.txt
• ./script -f decrypt file.txt to decrypt file.txt and its filename
• ./script -frv encrypt ~ to encrypt and verbose full home and its filename
• ./script -frv encrypt ~ to decrypt and verbose full home and its filename

Informations

Files inside directories won't be taken into account unless recursive is set. Password would be asked in secure tty but can be unsecurely provide as an argument. A hidden file is created containing the salt and derivation parameters for Argon2. It should be automatically detected when encrypting and decrypting. This file is needed to decrypt and should not be moved or altered.

LICENSE

This program is under GPL-3 licence.

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see https://www.gnu.org/licenses/.

Argon2i infos

Depending on your platform and devices, argon parameters can be edited. To detect the trade-off configuration, run ./script compute and provide this value as -a value when using this script. The default value is 16 and is the recommended value.

Table of values for argon parameter and memory cost

Keep in mind that values higher than 20 could just make your computer lag or crashes and you should really compute before choosing a higher value than default.

Value of argon	Memory cost
5	32 KB
6	64 KB
7	128 KB
8	256 KB
9	512 KB
10	1.02 MB
11	2.05 MB
12	4.1 MB
13	8.19 MB
14	16.4 MB
15	32.8 MB
Recommended --> 16	65.5 MB
17	131 MB
18	262 MB
19	524 MB
20	1.05 GB
21	2.1 GB
22	4.19 GB
23	8.39 GB
24	16.8 GB
25	33.6 GB
26	67.1 GB
27	134 GB
28	268 GB
29	537 GB
30	1.07 TB
31	2.15 TB
32	4.29 TB
33	8.59 TB
34	17.2 TB
35	34.4 TB
36	68.7 TB
37	137 TB
38	275 TB
39	550 TB
40	1.1 PB
41	2.2 PB
42	4.4 PB
43	8.8 PB
44	17.6 PB
45	35.2 PB
46	70.4 PB
47	141 PB
48	281 PB
49	563 PB
50	1.13 EB