GoxLock is a cli encryption tool made compeletly on golang. Providing many features that is needed for a powerful encryption
Install my project installer via github:
- Installer -> releases@latest
- download whole project -> project_download
goxlock is a powerful folder encryptor that can encrypt the folder in a custom extension file using AES-GCM .
The data is stored no where in normal procedure and is secure from all threats .
Only the actual user can access the file because goxlock utilizes the os level encryption and base encryption .
goxlock never hides , its actually protect the data .
The GCM protection layer makes sure that the data inside is always relevant and user will know if GCM failed during unlocking.
Error hunting is made very simple and robust covering each part of error occurance and dealing with it.
Error hunt follows these rules:
- A function must only care about its input and internal data of not being empty or undesired
- It must not care or protect against uncertain details , its the part of the calling function.
Because of these implementations , the app is easy to understand , And the error code dont feels like burden. Current error codes are ok!. But in next few updates those will be revamped to a better design.
Header your goxlock experience with a simple check.
- This given checks whether the base setup is done correctly or not. This checks the function responsible for thee actions.
goxlock --doctor- To lock a folder , choose something spare and lock it with following command.
goxlock --lock -f '<folder>'- This will lock your folder on the same parent dir as the locking folder.
- To unlock , just get the path of the locked
.g-lockfile and paste it .
goxlock --unlock -f '<locked_file>'- If you dont want to write just double click on the locked file (you must see a
gopher lock imageon the file display) , it will straight up give you thecmd.exeshell.
-
You can customize your actions with other provided embeded actions within the application.
-
The following will show you how you can do basic customization into the application behaviour.
- To verify the password , just copy the path of the locked file and do the following .
goxlock --verify-password -f '<locked_file>'- To see header details (header are for debugging and seeing the control flow) you shall do the following.
goxlock --header -f '<locked_folder>'- To change the password , do the following.
goxlock --change-password -f '<locked_folder>'- If you want to delete the file/folder after lock or unlock , you shall do this.
goxlock --lock -f '<folder>' --del-original- To change the output of the desired locking and unlocking action , try following.
goxlock --lock -f '<folder>' --out '<desired_location_path>'- You can provide a absolute path or the local path , both are supported
- To save what had happened while the run time ,do the following.
goxlock --lock -f '<folder>' --log- To make a profile that will given each time you wish to use it.
goxlock --make-profile --profile-name '<name>' --exlcude "*.txt,*.png"- There are many inbuilt things that you can save into a profile. Try using them by seeing and understanding them.
goxlock --use-profile --profile-name '<name>'- π AES-GCM encryption
- π Argon2 password derivation
- π§ Random Salt
- π² Random Nonce
- π‘ Header validation
- π Password verification without extracting
- π Change password
- β° Auto relock scheduler
- π Windows DPAPI session protection (for windows only)
- π Operation statistics
- π Logging system
- π€ Profiles
- π©Ί Doctor diagnostics
- π Written entirely in Go
- πͺ Native Windows support
There are vasr number of commands and behaviour you can choose from. Following list will tell the commands in breif.
f: Telling about the object path (must be absoulte)lock: Locks the given folderdel-original: Deletes the original objectout: Gives the custom name to the output folderunlock: Unlocks the targetted foldertime-out: time-Shedule re encryption over a certain time (must give minute/hour/day timelimits )change-password: Chnages your current passwordexclude: Excludes given patternsverify-password: Verify your folder password without unlocking itheader: Check header data of the encrypted filelog: Allow logger to log into the hardcoded filesread-log: Toggle the read log functionstats: Use it to see the stats of your operationlog-date: Gives the log date to instructorcheckupdate: Checks for provided updates from trusted sourcesdel-profile: Deletes the named profileupdate-profile: Updates the named profile with the given datause-profile: Use the saved profilemake-profile: Makes the profile of the user as per nameprofile-name: Stores the name of the profile
Safety is the only thing that goxlock targets . No password or secret is revealed in any file. The password is never stored in raw string or readable format (only for scheduling the password ecrypted form is stored after that it is destroyed).
- NOTE
- The User must know that the password is note stored in any kind of format normally.
- So if the you forget the password its your concern.
- Normally the app will not let it happen because it is built with password integrity checks on lock and end password showing.
- There is no option for
Forget Password - This app is only made for encryption purpose not for protection purpose , if you lost your file or someone altered your file bytes or deleted it , its upon you.
goxlockcan only protect from data not being shown up. Rest steps need to be taken by your side.- Schedule tasks when you need it otherwise normally unlock.
-
No actual file will be deleted unless the data is totally written . If anything corrupts you can just remove the resedue the corruption left.
-
The Schedulling is done under the prtection of DPAPI (windows) which is an OS level of protection given to per User.
-
The Overwrite is protected via the mutex made withing the OS.
-
The header is checked before unlocking to let the application be sure that is the file format to unlock.
-
Password hider is inbuilt from the buffer of the terminal.
-
The things that it can do for users saefty ->
Lost USB | β
Stolen encrypted file | β
File tampering | β
Same Windows user malware during active DPAPI session |
β οΈ LimitedKernel-level attacker | β
One of the best feature of goxlock is scheduling a task. Tough it requires the password to be stored in a encrypted format , it has its own pros.
The user can schedule the locking again after unlocking , this is done via task scheduler (for windows)
- NOTE
- If the current user is compromised or the device is open as the current user , the data is not safe.
- Hence , use it when you are confrimed that no one will peak out.
- Locking
User
β
Argon2
β
AES Key
β
Encrypt
β
.g-lock
- Unlocking
Password
β
Argon2
β
Verify
β
Decrypt
There are still some known limitations for this app which will be solced in the future.
- Windows only
- Less understandable to non cli users
- Non UI interface
Here will be the name of the contributors.
- TOXICAI314 (self)
- Every Contributor is most welcomed by me <happy_emoji>.
This project uses the following License, check that out for more details.
-
GOLang & module developers : For providing such an easy and robust language to work upon and easy modules to pass by.
-
Windows API : For making the system integration possible
-
Inno Setup : For making the application better on the installation side
Golang simpley folows these rules on the out face of it.
-
Security first
-
Simple commands
-
Transparent behaviour
-
No hidden network communication
-
No cloud dependency
According to goxlock no private info must go out the boundaries of the user hardware. No data can be seen other.
The user must feel secure of what they got for the privacy.
BECAUSE ASSURANCE COMES FROM TRUST.
The next update details will be discussed here:
v1.1 - The UI update
1. Making ui elements better
2. TUI
3. Better Error messages
4. Rich , colorful and structured base output
4. Logic fixes (always)
TOXICAI314 promises that:
-
The app will never have ADs or any kind of subscription. Its free to use and distribute
-
No data will leave your computer , it will stay where it is.
-
No AI integration will be made for this.
-
No Telemetry will be done on the user , Never even in asked or intentional.
-
No Login or Account system will be made , Its free for all.
