rsecure is a simple and secure command-line tool for AES-GCM file encryption and decryption, built in pure Rust. Ideal for protecting sensitive files, backups, and personal data.
Keep It Simple Stupid
- π AES-256 GCM encryption & decryption
- π Fast & dependency-free (pure Rust)
- π‘οΈ Safe key handling (keys never stored with data)
- π₯οΈ Simple CLI interface
- π¦ Available on crates.io
paru -S rsecure # or yay -S rsecureUsing cargo
cargo install rsecuregit clone https://github.com/containerscrew/rsecure.git
cd rsecure
cargo build --release
sudo cp ./target/release/rsecure /usr/local/bin/| Command | Description |
|---|---|
rsecure create-key -o /mnt/myusb/rsecure.key |
Generate a new AES-256 key and save it to a file |
openssl rand -out /mnt/myusb/rsecure.key 32 |
Alternative: generate a random 256-bit key using OpenSSL |
rsecure encrypt -p /mnt/myusb/rsecure.key -s /tmp/mydirectory/text_to_encrypt.txt |
Encrypt a single file (.enc file is created in the same directory) |
rsecure encrypt -p /mnt/myusb/rsecure.key -s /tmp/mydirectory/files/ |
Encrypt all files in a directory |
rsecure decrypt -p /mnt/myusb/rsecure.key -s /tmp/mydirectory/text_to_encrypt.txt.enc |
Decrypt a single encrypted file |
rsecure decrypt -p /mnt/myusb/rsecure.key -s /tmp/mydirectory/files/ |
Decrypt all files in a directory |
rsecure encrypt -r -p /mnt/myusb/rsecure.key -s /tmp/rsecure/dirtoencrypt/ |
Encrypt and remove original files (plain text) |
rsecure encrypt -p /mnt/myusb/rsecure.key -s /tmp/rsecure/dirtoencrypt -e '.git' |
Encrypt all files in a directory excluding .git/ files |
Warning
Saving the key in the same local filesystem where you save the encrypted files is not a good idea.
Save the key in a secure location, like a USB drive or a password manager.
Or just save it in a root owned directory with strict permissions (will require sudo to use it).
Important
By default, rsecure will not delete the source plain files after encryption to avoid data loss.
If you want to delete the source files after encryption, use -r flag.
Testing encryption and decryption:
mkdir -p /tmp/rsecure/dirtoencrypt
touch /tmp/rsecure/filetoencrypt.txt
echo 'please, hack me!' > /tmp/rsecure/filetoencrypt.txt
for i in {1..10}; do
head -c 100 /dev/urandom | base64 > /tmp/rsecure/dirtoencrypt/file_$i.txt
done
mkdir /tmp/rsecure/dirtoencrypt/.git/
touch /tmp/rsecure/dirtoencrypt/.git/ignoreme.txt
touch /tmp/rsecure/dirtoencrypt/.git/notthisfile.txtrsecure create-key -o ~/.keys/rsecure.key
rsecure encrypt -p ~/.keys/rsecure.key -s /tmp/rsecure/filetoencrypt.txt
rsecure decrypt -p ~/.keys/rsecure.key -s /tmp/rsecure/filetoencrypt.txt.enc
#
rsecure encrypt -p ~/.keys/rsecure.key -s /tmp/rsecure/dirtoencrypt/
rsecure decrypt -p ~/.keys/rsecure.key -s /tmp/rsecure/dirtoencrypt/
rsecyre encrypt -p ~/.keys/rsecure.key -s /tmp/rsecure/dirtoencrypt/ -e '.git'rsecure is distributed under the terms of the GPL3 license.