A robust command-line tool for securely encrypting and decrypting files and directories using modern, authenticated encryption (AES-256-GCM). It features a secure key derivation mechanism (PBKDF2) and a user-friendly, interactive menu.
-
Modern Authenticated Encryption: Utilizes AES-256-GCM to provide both confidentiality and integrity, ensuring your files are not only unreadable but also protected from tampering.
-
Secure Password Handling: Implements PBKDF2 with a random salt and a high iteration count (100,000) to derive a strong encryption key from your password, protecting against brute-force and dictionary attacks.
-
Memory Efficient: Processes files in manageable chunks (64 KB), allowing it to encrypt and decrypt very large files with minimal memory consumption.
-
Interactive & User-Friendly: Features a simple, colored, menu-driven interface that makes it easy to use without needing to remember complex commands.
-
Self-Contained Encrypted Files: Creates a single, secure output file (.saef) for each input file, simplifying file management.
-
Directory Processing: Can recursively encrypt or decrypt all files within a specified directory.
-
Cross-Platform: Built with standard Python libraries to ensure it runs smoothly on Windows, macOS, and Linux.
- Python 3.6 or higher
- pycryptodome
- colorama
-
Clone the repository or download the script:
git clone https://github.com/Raafay892/secure_file_encryptor.git cd secure_file_encryptor -
Install the required libraries using pip:
pip install pycryptodome colorama
##
Run the script from your terminal to launch the interactive menu.
python3 secure_encryptor.pyYou will be presented with the following options:
==============================
SECURE FILE ENCRYPTOR
==============================
1. Encrypt a File or Directory
2. Decrypt a File or Directory
3. Exit
------------------------------
Enter your choice (1-3):- Select an option (1, 2, or 3).
- Enter the full path to the file or directory you want to process.
- Enter your password when prompted. For encryption, you will be asked to confirm it.
- The script will handle the rest and provide status messages for the operations. The original file will be automatically and securely removed after a successful operation.
- A secure random salt is generated.
- Your password and the salt are run through PBKDF2 to derive a strong 256-bit encryption key.
- A unique nonce (number used once) is generated for the AES-GCM cipher.
- The file is read in chunks, and each chunk is encrypted.
- The final encrypted file is created with the following structure:
[SALT][NONCE][ENCRYPTED DATA][AUTHENTICATION TAG].
- The salt, nonce, and authentication tag are read from the encrypted file.
- The same PBKDF2 process is used with your password and the extracted salt to re-derive the exact same encryption key.
- The encrypted data is decrypted chunk by chunk.
- Finally, the authentication tag is verified. If the verification succeeds, the file is authentic and unaltered. If it fails, it means the file has been corrupted, tampered with, or the password was incorrect.
DO NOT FORGET YOUR PASSWORD.
Due to the secure nature of the encryption, there is no way to recover a forgotten password. The encrypted files will be permanently inaccessible without the correct password.
This project is licensed under the MIT License. See the LICENSE file for details.