GitHub - wignn/crypt

Crypt - Secure File Encryption Tool

A professional, high-security file encryption utility written in Rust using ChaCha20-Poly1305 authenticated encryption.

Security Features

  • Algorithm: ChaCha20-Poly1305 (AEAD cipher)
  • Key Derivation: Argon2 (memory-hard password hashing)
  • Nonce: 96-bit random (unique per encryption)
  • Salt: 128-bit random (unique per encryption)
  • Key Size: 256-bit
  • Authentication: Built-in authentication tag to detect tampering

Installation

Prerequisites

  • Rust 1.70 or higher
  • Cargo

Build from source

git clone https://github.com/wignn/crypt
cd crypt
cargo build --release

The compiled binary will be in target/release/crypt.exe (Windows) or target/release/crypt (Unix).

Usage

Encrypt a file with password

crypt encrypt -i file.txt -o file.enc -k mypassword

Encrypt a file with key file

crypt encrypt -i document.pdf -o document.enc -k keyfile.key -f

Decrypt a file with password

crypt decrypt -i file.enc -o file.txt -k mypassword

Decrypt a file with key file

crypt decrypt -i document.enc -o document.pdf -k keyfile.key -f

Generate a random key file

crypt generate-key -o my-secret.key

Command Reference

encrypt (alias: enc)

Encrypts a file using ChaCha20-Poly1305 AEAD cipher.

Options:

  • -i, --input <FILE> - Input file path to encrypt
  • -o, --output <FILE> - Output file path for encrypted data
  • -k, --key <PASSWORD|FILE> - Encryption key (password or file path)
  • -f, --key-file - Use file as key source instead of password

decrypt (alias: dec)

Decrypts a previously encrypted file.

Options:

  • -i, --input <FILE> - Encrypted file path to decrypt
  • -o, --output <FILE> - Output file path for decrypted data
  • -k, --key <PASSWORD|FILE> - Decryption key (must match encryption key)
  • -f, --key-file - Use file as key source instead of password

generate-key (alias: genkey)

Generates a random 256-bit cryptographic key file.

Options:

  • -o, --output <FILE> - Output path for the generated key file

Security Best Practices

  1. Use Strong Passwords: Minimum 12 characters with mixed case, numbers, and symbols
  2. Key Files: For sensitive data, use key files instead of passwords; a password passed with -k on the command line can end up in shell history and process listings
  3. Secure Storage: Store keys and passwords securely - they cannot be recovered if lost
  4. Verify Decryption: Always verify the decrypted file to ensure integrity
  5. Unique Keys: Use different keys for different purposes

Testing

Run the test suite:

cargo test

Run tests with output:

cargo test -- --nocapture

File Format

Encrypted files have the following structure:

[SALT (16 bytes)][NONCE (12 bytes)][CIPHERTEXT + AUTH_TAG]
  • Salt: Used for key derivation with Argon2
  • Nonce: Ensures each encryption is unique (never reused)
  • Ciphertext: The encrypted data
  • Auth Tag: 128-bit authentication tag (prevents tampering)
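The layout above can be checked without any key material. The following is an added example, not code from the crypt repository: it splits a file into the documented fields, rejects files too short to be valid, and flags files that share a salt and nonce. The names Container, parse and repeated_headers are hypothetical, and the tag is assumed to be the last 16 bytes, as the layout line indicates.

```rust
use std::collections::HashSet;

// Field sizes from the README's layout. Assumption: the 16-byte tag is the
// final field, as "[CIPHERTEXT + AUTH_TAG]" indicates.
const SALT_LEN: usize = 16;
const NONCE_LEN: usize = 12;
const TAG_LEN: usize = 16;
const MIN_LEN: usize = SALT_LEN + NONCE_LEN + TAG_LEN;

#[derive(Debug, PartialEq)]
pub struct Container<'a> {
    pub salt: &'a [u8],
    pub nonce: &'a [u8],
    pub ciphertext: &'a [u8],
    pub tag: &'a [u8],
}

/// Split raw file bytes into fields; under 44 bytes cannot hold salt, nonce and tag.
pub fn parse(data: &[u8]) -> Result<Container<'_>, String> {
    if data.len() < MIN_LEN {
        return Err(format!("truncated: {} bytes, need {}", data.len(), MIN_LEN));
    }
    let (salt, rest) = data.split_at(SALT_LEN);
    let (nonce, body) = rest.split_at(NONCE_LEN);
    let (ciphertext, tag) = body.split_at(body.len() - TAG_LEN);
    Ok(Container { salt, nonce, ciphertext, tag })
}

/// Indices of files whose (salt, nonce) pair repeats an earlier file's: a copied
/// file or a failing random source. Unparseable files are skipped.
pub fn repeated_headers(files: &[Vec<u8>]) -> Vec<usize> {
    let mut seen = HashSet::new();
    let mut dups = Vec::new();
    for (i, f) in files.iter().enumerate() {
        if let Ok(c) = parse(f) {
            if !seen.insert((c.salt.to_vec(), c.nonce.to_vec())) {
                dups.push(i);
            }
        }
    }
    dups
}

fn main() {
    // Constructed sample: zero salt, 0x01 nonce, 5 body bytes, 0xFF tag.
    let f = [vec![0u8; SALT_LEN], vec![1; NONCE_LEN], b"hello".to_vec(), vec![0xFF; TAG_LEN]].concat();
    println!("{:?}", parse(&f).map(|c| c.ciphertext.len()));
}
```

Because ChaCha20 is a stream cipher, the ciphertext field is the same length as the plaintext, so an encrypted file is always the original size plus 44 bytes.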

Disclaimer

This tool is provided as-is for educational and personal use. Always backup important data before encryption. The authors are not responsible for data loss.