A CLI tool for secure file encryption using AES-256-GCM and Argon2.
Project description
Cryptor CLI Tool
cryptor-cli is a secure command-line interface (CLI) tool for encrypting and decrypting files using robust cryptographic primitives. It employs envelope encryption with AES-256-GCM for data, and a password-derived Argon2id key for master key protection, ensuring high levels of confidentiality, integrity, and authenticity.
Features
- Strong Encryption: Utilizes AES-256-GCM for authenticated encryption.
- Secure Key Derivation: Employs Argon2id (the current industry standard) to derive cryptographic keys from your password, protecting against brute-force attacks.
- Envelope Encryption: Each file is encrypted with a unique Data Encryption Key (DEK), which is then encrypted by a Master Key (KEK). This isolates the risk: compromise of one DEK does not affect other files.
- Key Wrapping: Uses AES Key Wrap for secure management of encryption keys.
- Data Integrity: Guarantees that any tampering with encrypted files will be detected during decryption.
- Simple CLI: Easy-to-use commands for key management, encryption, and decryption.
Installation
- Clone the repository (if you haven't already):
# Assuming you are in the parent directory of your project
git clone https://github.com/yourusername/cryptor-cli.git # Replace with your repo URL
cd cryptor-cli
- Create and activate a Python virtual environment: It's highly recommended to use a virtual environment to manage dependencies:
python3 -m venv venv
source venv/bin/activate
- Install the package: Navigate to the directory containing setup.py and install in editable mode:
pip install .
Usage
Once installed, the cryptor command will be available in your activated virtual environment.
1. Generate a Master Key
Before you can encrypt or decrypt any files, you need to generate a master key. This key will be encrypted by a password you provide and stored in master.key.
cryptor manage-keys generate
You will be prompted to enter and confirm a strong password.
2. Encrypt a File
To encrypt a file, specify the input (plaintext) file and the desired output (encrypted) file.
cryptor encrypt my_secret_document.txt my_secret_document.crpt
You will be prompted for your master key password.
3. Decrypt a File
To decrypt an encrypted file, specify the input (encrypted) file and the desired output (plaintext) file.
cryptor decrypt my_secret_document.crpt my_secret_document_decrypted.txt
You will be prompted for your master key password. The decrypted content will be written to my_secret_document_decrypted.txt.
4. Change Master Key Password
If you need to change the password protecting your master key:
cryptor manage-keys change-password
You will be prompted for your current password, and then for your new password (twice for confirmation).
Security Notes
- Strong Passwords are Crucial: The security of your encrypted files ultimately depends on the strength of your master key password. Use a long, complex, and unique password.
- Protect master.key: The master.key file contains your encrypted master key. While it's protected by your password, it should be treated as highly sensitive. Back it up securely, and ensure it's not accidentally deleted or exposed.
- Nonce Reuse (Prevented): This tool uses a unique, randomly generated nonce for every encryption operation, which is critical for the security of AES-GCM. Never manually encrypt data with a reused nonce and the same key.
- No Tampering (Detected): Due to the use of Authenticated Encryption (AES-GCM), any attempt to tamper with the encrypted data will result in a decryption failure (an InvalidTag error), protecting you from malicious modifications.
- Key Storage: The master key is stored on your local filesystem, encrypted by your password. For scenarios requiring extreme security or multi-user access, consider integrating with Hardware Security Modules (HSMs) or cloud Key Management Services (KMS).
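The envelope scheme from the Features list and the tamper detection described in the notes above, as an added example that is not cryptor-cli's own code. It assumes the Python cryptography package; the container layout (wrapped DEK, then nonce, then ciphertext and tag), the function names, and the use of the wrapped DEK as associated data are choices made for this example, and the password-derived (Argon2id) protection of the master key is left out, so the master key is passed in directly.

```python
# Added illustration: the container layout is an assumption, not cryptor-cli's format.
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.keywrap import (
    InvalidUnwrap, aes_key_unwrap, aes_key_wrap)

WRAPPED_LEN = 40  # AES Key Wrap (RFC 3394) output for a 32-byte key: 32 + 8 bytes
NONCE_LEN = 12    # 96-bit AES-GCM nonce
TAG_LEN = 16      # AES-GCM authentication tag appended to the ciphertext


def encrypt_blob(master_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt under a fresh DEK; return wrapped_dek || nonce || ciphertext+tag."""
    dek = AESGCM.generate_key(bit_length=256)  # unique Data Encryption Key per file
    nonce = os.urandom(NONCE_LEN)              # fresh random nonce per encryption
    wrapped = aes_key_wrap(master_key, dek)    # DEK protected by the master key (KEK)
    # The wrapped DEK is passed as associated data so the header is bound to the body.
    body = AESGCM(dek).encrypt(nonce, plaintext, wrapped)
    return wrapped + nonce + body


def decrypt_blob(master_key: bytes, blob: bytes) -> bytes:
    """Unwrap the DEK, then authenticate and decrypt; raises if anything was altered."""
    if len(blob) < WRAPPED_LEN + NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short to be a valid container")
    wrapped = blob[:WRAPPED_LEN]
    nonce = blob[WRAPPED_LEN:WRAPPED_LEN + NONCE_LEN]
    body = blob[WRAPPED_LEN + NONCE_LEN:]
    dek = aes_key_unwrap(master_key, wrapped)         # InvalidUnwrap on a bad header
    return AESGCM(dek).decrypt(nonce, body, wrapped)  # InvalidTag on a bad body


def tamper_result(master_key: bytes, blob: bytes, index: int) -> str:
    """Flip one bit at `index` and report which integrity check rejects the blob."""
    damaged = bytearray(blob)
    damaged[index] ^= 0x01
    try:
        decrypt_blob(master_key, bytes(damaged))
    except InvalidUnwrap:
        return "InvalidUnwrap"
    except InvalidTag:
        return "InvalidTag"
    return "accepted"


if __name__ == "__main__":
    key = os.urandom(32)                       # constructed sample master key
    sample = encrypt_blob(key, b"constructed sample plaintext")
    print(decrypt_blob(key, sample), tamper_result(key, sample, len(sample) - 1))
```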
Contributing
Contributions are welcome! Please feel free to open issues or submit pull requests.
License
This project is licensed under the MIT License. See the LICENSE file for details.
File details
Details for the file cryptor_cli-0.1.0.tar.gz.
File metadata
- Download URL: cryptor_cli-0.1.0.tar.gz
- Upload date:
- Size: 5.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.2
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 7464d94303785bc3d5aaa88efc1339ad4dcaa74bc84f5494ce4af8304f9097f3 |
| MD5 | 5adcabae264acca1f429e5ba2062feee |
| BLAKE2b-256 | 13d853372a9f82bd5dff1d4acea69460c3b52d24fb41ba09727ba2e3ae81d422 |
File details
Details for the file cryptor_cli-0.1.0-py3-none-any.whl.
File metadata
- Download URL: cryptor_cli-0.1.0-py3-none-any.whl
- Upload date:
- Size: 5.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.2
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 036b68b6fe9cff4a2341b7d9f1e2546ef2623bffcd550eb35eece1d00c9af2fc |
| MD5 | e41b85cc6e75b9253cf4619afd38b507 |
| BLAKE2b-256 | 654d15b3c6153711d8c4453ff9af7f3baf6a0bd31de3d300865e59ba4627eac9 |