SimpleCrypt is a robust Rust-based command-line application that provides secure file and directory encryption using AES-256-CBC with PBKDF2 key derivation. It offers comprehensive features for both individual files and entire directories with progress feedback and secure memory practices.
Important: Due to earlier errors, versions before SimpleCrypt v1.3 Beta 1 are no longer available.
- AES-256-CBC Encryption: Industry-standard symmetric encryption
- PBKDF2 Key Derivation: Secure password-based key derivation with 100,000 iterations
- File & Directory Support: Encrypt individual files or entire directories recursively
- Progress Feedback: Real-time progress indicators and completion summaries
- Secure Memory: Sensitive data is securely wiped from memory after operations
- Comprehensive Error Handling: Detailed error messages and validation
- Cross-Platform: Works on macOS, Linux, and Windows
- Rust and Cargo (latest stable version)
- OpenSSL development libraries
# Install OpenSSL using Homebrew
brew install openssl
# Install Rust (if not already installed)
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
# Install OpenSSL development libraries
sudo apt-get update
sudo apt-get install libssl-dev build-essential
# Install Rust (if not already installed)
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
# Install OpenSSL development libraries
sudo dnf install openssl-devel gcc
# Install Rust (if not already installed)
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
# Install OpenSSL using Chocolatey (as Administrator)
choco install openssl
# Install Rust (if not already installed)
iwr -useb -uri https://static.rust-lang.org/rustup/dist/x86_64-pc-windows-msvc/rustup-init.exe | iex
-
Clone or download the project
# If using git git clone <repository-url> cd SimpleCrypt # Or extract the project files
-
Build the application
# Build in release mode (optimized) cargo build --release # Or build in debug mode (faster compilation) cargo build
-
Run the application
# From the project directory cargo run -- <command> <arguments> # Or use the compiled binary ./target/release/simplecrypt <command> <arguments>
cargo run -- encrypt document.txt mysecurepassword
cargo run -- decrypt document.txt mysecurepassword
cargo run -- encrypt-dir /path/to/directory mysecurepassword
cargo run -- decrypt-dir /path/to/directory mysecurepassword
cargo run -- --help
Encrypts a single file using the provided password.
Arguments:
FILE
: Path to the file to encryptPASSWORD
: Secure password for encryption
Example:
cargo run -- encrypt sensitive_data.txt "MyP@ssw0rd123!"
Decrypts a single file using the provided password.
Arguments:
FILE
: Path to the encrypted file to decryptPASSWORD
: Password used for encryption
Example:
cargo run -- decrypt sensitive_data.txt "MyP@ssw0rd123!"
Encrypts all files in a directory recursively.
Arguments:
DIRECTORY
: Path to the directory to encryptPASSWORD
: Secure password for encryption
Example:
cargo run -- encrypt-dir ./my_documents "MyP@ssw0rd123!"
Decrypts all files in a directory recursively.
Arguments:
DIRECTORY
: Path to the directory containing encrypted filesPASSWORD
: Password used for encryption
Example:
cargo run -- decrypt-dir ./my_documents "MyP@ssw0rd123!"
- Use strong passwords (minimum 12 characters)
- Include a mix of uppercase, lowercase, numbers, and special characters
- Avoid common words or predictable patterns
- Use a unique password for each encryption operation
- Never store passwords in plain text
- Consider using a password manager
- Be careful when typing passwords (watch for shoulder surfing)
- Use environment variables for better security (see advanced usage)
- Always verify decrypted files before deleting originals
- Keep backups of important files before encryption
- Use version control for important directories
- Test encryption/decryption with non-critical files first
# Set password in environment variable
export SIMPLECRYPT_PASSWORD="MyP@ssw0rd123!"
# Use the environment variable
cargo run -- encrypt document.txt $SIMPLECRYPT_PASSWORD
#!/bin/bash
# encrypt_script.sh
PASSWORD="SecureScriptPassword2024"
SOURCE_DIR="/path/to/source"
DEST_DIR="/path/to/destination"
# Create destination directory if it doesn't exist
mkdir -p "$DEST_DIR"
# Encrypt all files in source directory
for file in "$SOURCE_DIR"/*; do
if [ -f "$file" ]; then
filename=$(basename "$file")
echo "Encrypting $filename..."
cargo run -- encrypt "$file" "$PASSWORD"
mv "$file" "$DEST_DIR/"
fi
done
echo "Encryption completed successfully!"
#!/bin/bash
# batch_decrypt.sh
PASSWORD="MySecretPassword"
ENCRYPTED_DIR="./encrypted_files"
DECRYPTED_DIR="./decrypted_files"
# Create output directory
mkdir -p "$DECRYPTED_DIR"
# Process files with error handling
for file in "$ENCRYPTED_DIR"/*; do
if [ -f "$file" ]; then
filename=$(basename "$file")
echo "Processing $filename..."
if cargo run -- decrypt "$file" "$PASSWORD" > /dev/null 2>&1; then
echo "✅ Successfully decrypted $filename"
mv "$file" "$DECRYPTED_DIR/"
else
echo "❌ Failed to decrypt $filename - check password or file integrity"
fi
fi
done
- Algorithm: AES-256-CBC (Cipher Block Chaining)
- Key Derivation: PBKDF2 with SHA-256
- Iterations: 100,000 (for brute-force resistance)
- Salt Length: 16 bytes (randomly generated)
- IV Length: 16 bytes (randomly generated)
- Output Format: JSON-encoded structure
Encrypted files contain a JSON structure with the following fields:
{
"salt": "base64-encoded-salt",
"iv": "base64-encoded-iv",
"data": "base64-encoded-encrypted-data"
}
- Memory Security: Sensitive data (keys, salts, IVs) is zeroed from memory after use
- No Key Storage: Keys are derived from passwords and never stored permanently
- Random Values: Salt and IV are generated using cryptographically secure random number generation
- Error Handling: Comprehensive validation prevents security vulnerabilities from malformed input
- PBKDF2 Iterations: Higher iterations increase security but slow down operations
- Large Files: Memory usage scales with file size (entire file loaded into memory)
- Directory Operations: Progress indicators help monitor long-running operations
Cause: Empty password provided Solution: Use a non-empty password
Cause: Specified file or directory doesn't exist Solution: Verify the path is correct and file exists
Cause: Wrong password or corrupted encrypted file Solution: Verify password and file integrity
Cause: Insufficient permissions to read/write files Solution: Check file permissions and run with appropriate privileges
Cause: Directory doesn't exist or insufficient permissions Solution: Verify directory path and permissions
For detailed debugging, you can enable verbose output:
# Enable Rust backtrace on errors
RUST_BACKTRACE=1 cargo run -- encrypt file.txt password
# Check file permissions
ls -la file.txt
# Verify OpenSSL installation
openssl version
# Run all tests
cargo test
# Run tests with verbose output
cargo test -- --nocapture
# Run specific test
cargo test test_single_file_encryption_decryption
The test suite includes:
- Single file encryption/decryption
- Directory encryption/decryption
- Wrong password validation
- Empty password validation
- Help command functionality
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests for new functionality
- Ensure all tests pass
- Submit a pull request
- Follow Rust standard formatting:
cargo fmt
- Run clippy lints:
cargo clippy
- Ensure comprehensive test coverage
- Update documentation for new features
This project is licensed under the MIT License. See the LICENSE file for details.
For issues, questions, or contributions:
- Check the troubleshooting section
- Review existing issues
- Create a new issue with detailed information
- Include system information and error messages
- v1.0.0: Initial release with basic encryption/decryption functionality
- v1.1.0: Added directory operations and progress feedback
- v1.2.0: Implemented PBKDF2 key derivation and comprehensive error handling
- v1.3.0: Added secure memory practices and integration tests
Disclaimer: This software is provided "as is" without warranty. Always backup important files before encryption operations. The authors are not responsible for any data loss or security breaches resulting from the use of this software.
- macOS: OpenSSL via Homebrew + Rust
- Ubuntu/Debian:
libssl-dev
+ Rust - Fedora/CentOS:
openssl-devel
+ Rust - Windows: OpenSSL via Chocolatey + Rust
- Install prerequisites (OpenSSL + Rust)
- Clone/download project
- Build with
cargo build --release
- Run with
cargo run -- <command> <arguments>
encrypt [FILE] [PASSWORD]
- Single file encryptiondecrypt [FILE] [PASSWORD]
- Single file decryptionencrypt-dir [DIRECTORY] [PASSWORD]
- Directory encryptiondecrypt-dir [DIRECTORY] [PASSWORD]
- Directory decryption--help
- Show help
- Strong password requirements (12+ chars, mixed characters)
- Password management recommendations
- File handling best practices
- Environment variable usage for security
- Scripting and automation examples
- Batch processing with error handling
- Environment variable integration
- Performance considerations
- Algorithm: AES-256-CBC with PBKDF2-SHA256
- Key Derivation: 100,000 iterations
- Output Format: JSON-encoded structure
- Memory Security: Secure data wiping practices
- Common error messages and solutions
- Debug information
- Permission issues
- File corruption handling
- Test suite coverage (5 comprehensive tests)
- Running instructions
- Test scenarios covered