openssl-encrypt 0.8.1

A package for secure file encryption and decryption based on modern ciphers using heavy-compute-load chaining of hashing and KDF to generate strong encryption password based on users provided password to ensure secure encryption of files

Version 0.8.1: Restructured Metadata

With the release of version 0.8.1, openssl_encrypt now uses a new metadata structure. format_version 5 represents that new structure. The change is implemented to avoid any breaking changes to prior versions. Therefore the code is able to process all supported format versions transparently. Unittests of existing (older metadata) encrypted file are passing. Tests for new structure yet to come

Secure File Encryption Tool

A powerful tool for securely encrypting, decrypting, and shredding files with military-grade cryptography and multi-layer password hashing.

History

The project is historically named openssl-encrypt because it once was a python script wrapper around openssl. But that did not work anymore with recent python versions. Therefore I decided to do a complete rewrite in pure python also using modern cipher and hashes. So the projectname is a "homage" to the root of all :-)

Important note: although whirlpool is supported by this tool, I do not recommend using this hashing algorithm. That is because building whirlpool via pip fails on recent Python versions (>= Python 3.12). If you want to use it you should have a look at pyenv which allows multiple Python versions to exist in peaceful co-existence. whirlpool will remain in the code also in future versions of this application \

Issues

you can create issues by sending mail to the linked address

Features

• Strong Encryption: Uses Fernet symmetric encryption (AES-128-CBC) as default with secure key derivation. Also supports AES-GCM, AES-SIV, CAMLELIA, POLY1305-CHACHA20, AES-GCM-SIV, AES-OCB3 ans XCHACHA20_POLY1305 as ecnryption algorithm
• Multi-hash Password Protection: Optional layered hashing with SHA-256, SHA-512, SHA3-256, SHA3-512, Whirlpool, BLAKE2b and SHAKE-256 they all can be chained with different rounds to create key-stretching
• Multi-KDF Password Protection: Optional layered KFD with PBKDF2, Scrypt, Argon2 and Ballon they all can be chained with different rounds to create key-stretching and very strong brute-force prevention
• Postquantum Resistance: Using a hybrid approach to implement postquantum resistance. Still using symetrical encryption but with a key derived with Kyber KEM for postquantum resistance
• Keystore for PQC keys: a local keystore can be used to maintain and manage the PQC keys used for encrypting your files
• Password Management: Password confirmation to prevent typos, random password generation, and standalone password generator
• File Integrity Verification: Built-in hash verification to detect corrupted or tampered files
• Secure File Shredding: Military-grade secure deletion with multi-pass overwriting
• Directory Support: Recursive processing of directories
• Memory-Secure Processing: Protection against memory-based attacks and data leakage
• Glob Pattern Support: Batch operations using wildcard patterns
• Safe Overwriting: Secure in-place file replacement with atomic operations
• Progress Visualization: Real-time progress bars for lengthy operations
• Graphical User Interface: User-friendly GUI for all operations (beta)
• Built-in and custom Templates: built in templates like --quick --standard and --paranoid can be used. You can also define your own customized templates in ./templates

Files Included

• crypt.py - Main command-line utility
• crypt_gui.py - Graphical user interface
• modules/crypt_cli.py - Command-line interface
• modules/crypt_core.py - Provides the core functionality
• modules/crypt_utils.py - Provides utility functions
• modules/crypt_errors.py - Custom exception classes
• modules/crypt_settings.py - Configuration settings
• modules/balloon.py - Password hashing implementation
• modules/secure_memory.py - Provides functions for secure memory handling
• modules/password_policy.py - Password validation
• modules/pqc.py - Post-quantum cryptography implementation
• modules/keystore_cli.py - Keystore CLI functionality
• modules/keystore_utils.py - Keystore utility functions
• modules/keystore_wrapper.py - Keystore wrapper module
• keystore_cli_main.py - Keystore CLI entry point
• docs/install.md - Installation notes
• docs/usage.md - Usage notes
• docs/examples.md - Some examples
• docs/pqc.md - Post-quantum notes
• docs/password-handling.md - Notes about password handling
• docs/security-notes.md - Notes about security
• docs/buffer_overflow_prevention.md - Security implementation
• docs/security_improvements.md - Security enhancement details
• docs/keystore_cli_guide.md - Keystore CLI documentation
• docs/DUAL_ENCRYPTION_TESTS.md - Dual encryption test details
• docs/PQC_DUAL_ENCRYPTION.md - PQC dual encryption documentation
• unittests/unittests.py - Unit tests for the utility
• unittests/test_gui.py - Simple test for tkinter
• unittests/testfiles - Testfiles for unittests encryption
• tests/ - Contains all test modules for dual encryption and keystore functionality
• requirements.txt - Required Python packages
• README.md - This documentation file

all testfile files are ecrypted with password 1234 for your testing

License

MIT License