quickcrypt 1.0.0

Fast, offline encryption & key management. No cloud. No complexity. Military-grade security.
Documentation

QuickCrypt

   ██████╗ ██╗   ██╗██╗ ██████╗██╗  ██╗ ██████╗██████╗ ██╗   ██╗██████╗ ████████╗
  ██╔═══██╗██║   ██║██║██╔════╝██║ ██╔╝██╔════╝██╔══██╗╚██╗ ██╔╝██╔══██╗╚══██╔══╝
  ██║   ██║██║   ██║██║██║     █████╔╝ ██║     ██████╔╝ ╚████╔╝ ██████╔╝   ██║
  ██║▄▄ ██║██║   ██║██║██║     ██╔═██╗ ██║     ██╔══██╗  ╚██╔╝  ██╔═══╝    ██║
  ╚██████╔╝╚██████╔╝██║╚██████╗██║  ██╗╚██████╗██║  ██║   ██║   ██║        ██║
   ╚══▀▀═╝  ╚═════╝ ╚═╝ ╚═════╝╚═╝  ╚═╝ ╚═════╝╚═╝  ╚═╝   ╚═╝   ╚═╝        ╚═╝

Encrypt. Decrypt. Sign. Verify. — Military-grade offline crypto toolkit.

Crates.io CI Rust License Platform Tests

Sibling to QuickTransform (qt) — same philosophy, different domain.

Overview

QuickCrypt is a fast, offline, military-grade cryptographic toolkit — CLI and GUI — built in pure Rust. No cloud. No complexity. No secrets ever leave your machine.

  • CLI (qc) for scripts, automation, and power users
  • GUI (qc-gui) for visual operations with dark/light themes
  • Cross-platform — Windows, Linux, macOS
  • Zero config — no key stores, no daemons, no setup

Why QuickCrypt?

Developers deal with encryption daily — protecting config files, generating keys, inspecting JWTs, signing data. The tooling is painful:

Tool Problem
openssl Hundreds of cryptic subcommands
gpg Complex key management, steep learning curve
Online tools Your secrets leave your machine
age Encryption only — no JWT, HMAC, certs, TOTP
jwt-cli JWT only, not a general crypto toolkit

QuickCrypt solves all of these. One binary, two letters: qc.

Features

Category Operations
Encryption AES-256-GCM, ChaCha20-Poly1305, RSA-OAEP
Signatures Ed25519, RSA-PSS (IND-CCA2)
Key Generation AES-128/256, RSA (2048–8192), Ed25519, passwords, random hex
JWT Decode & verify (HMAC-SHA256)
HMAC SHA-256, SHA-512 with constant-time verification
Passwords bcrypt & Argon2id hashing + verification
TOTP 2FA code generation (SHA-1 & SHA-256)
Certificates X.509 inspection & expiry check
Tools Strength checker, fingerprint, hex encode/decode, secure file wipe

Screenshots

GUI

Dark Theme — AES-256-GCM Encryption Light Theme — RSA-4096 Key Generation
Encrypt Keygen
TOTP SHA-256 — 2FA Codes Argon2id Password Hashing
TOTP Passwords
Help System — 11 Tabbed Sections Recent Actions Audit Log
Help Audit Log

CLI

Encryption & Decryption Key Generation & HMAC
Terminal Encrypt Terminal Keygen

Installation

From crates.io

# CLI only
cargo install quickcrypt

# CLI + GUI
cargo install quickcrypt --features gui

Pre-built Binaries

Download from Releases:

Platform CLI GUI
Windows qc.exe (~3 MB) qc-gui.exe (~6.6 MB)
Linux qc qc-gui
macOS qc qc-gui

From Source

git clone https://github.com/Brutus1066/QuickCrypt.git
cd QuickCrypt

# CLI only
cargo build --release

# CLI + GUI
cargo build --release --features gui

# Binaries at target/release/qc(.exe) and target/release/qc-gui(.exe)

Linux Dependencies (GUI)

# Ubuntu/Debian
sudo apt install libgtk-3-dev

# Fedora
sudo dnf install gtk3-devel

# Arch
sudo pacman -S gtk3

Install Scripts

# Windows
.\scripts\install-windows.ps1

# Linux
./scripts/install-linux.sh

# macOS
./scripts/install-macos.sh

Quick Start

# Encrypt a string (AES-256-GCM)
qc encrypt "my secret data" -p "StrongPass!23"

# Decrypt it back
qc decrypt <ciphertext> -p "StrongPass!23"

# ChaCha20-Poly1305
qc encrypt "secret" -p "StrongPass!23" --chacha

# Generate keys
qc keygen aes256              # 256-bit AES key
qc keygen ed25519 -o mykey    # Ed25519 key pair
qc keygen password 32         # 32-char secure password

# Sign & verify
qc sign data.txt --privkey mykey.pem
qc verify data.txt --sig data.sig --pubkey mykey.pub.pem

# JWT
qc jwt decode <token>
qc jwt verify <token> -s "secret"

# HMAC
qc hmac sha256 "message" -k "key"

# Password hashing
qc password argon2 "MyPassword123"
qc password verify-argon2 "MyPassword123" "$argon2id$..."

# TOTP 2FA
qc totp "JBSWY3DPEHPK3PXPJBSWY3DPEHPK3PXP"

# Utilities
qc strength "MyP@ssw0rd"
qc fingerprint mykey.pem
qc wipe sensitive.txt

Launch the GUI:

qc-gui

CLI Commands

JSON Output

All commands support --json for machine-readable output, ideal for scripting and automation:

qc encrypt "data" -p "StrongPass!23" --json
# {"action":"encrypt","cipher":"AES-256-GCM","strength":"STRONG","ciphertext":"..."}

qc keygen aes256 --json
# {"action":"keygen","type":"aes256","key":"a1b2c3..."}

qc hmac verify sha256 "msg" -k "key" -m <mac> --json
# {"action":"hmac_verify","algorithm":"sha256","valid":true}

qc strength "MyP@ssw0rd" --json
# {"action":"strength","rating":"STRONG","length":10,...}

In --json mode, verification commands return {"valid": true/false} instead of non-zero exit codes.

Symmetric Encryption

AES-256-GCM (default) or ChaCha20-Poly1305 with Argon2id key derivation (64 MiB, 3 iterations, 4 lanes).

qc encrypt "secret data" -p "MyPassphrase!1"
qc encrypt "secret data" -p "MyPassphrase!1" --chacha
qc decrypt <ciphertext> -p "MyPassphrase!1"          # auto-detects cipher
qc encrypt "secret data" -p "MyPassphrase!1" -o secret.enc
qc decrypt secret.enc -p "MyPassphrase!1"

Passphrase policy: Minimum 8 characters, at least 2 of: uppercase, lowercase, digit, special.

Asymmetric Encryption (RSA)

RSA-OAEP with SHA-256 (IND-CCA2 secure). Key sizes: 2048–8192 bits.

qc encrypt "secret" --pubkey recipient.pub.pem
qc decrypt <ciphertext> --privkey mykey.pem

Digital Signatures

Ed25519 (default, recommended) or RSA-PSS.

# Ed25519
qc sign document.txt --privkey mykey.pem
qc verify document.txt --sig document.sig --pubkey mykey.pub.pem

# RSA-PSS
qc sign data.txt --privkey rsa.pem --key-type rsa
qc verify data.txt --sig data.sig --pubkey rsa.pub.pem --key-type rsa

Key Generation

qc keygen aes128              # 128-bit AES key (hex)
qc keygen aes256              # 256-bit AES key (hex)
qc keygen rsa                 # RSA-2048 key pair
qc keygen rsa 4096            # RSA-4096 key pair
qc keygen rsa -o mykey        # Output to mykey.pem + mykey.pub.pem
qc keygen ed25519             # Ed25519 key pair
qc keygen ed25519 -o signing  # Output to signing.pem + signing.pub.pem
qc keygen random 64           # 64 random bytes (hex)
qc keygen password            # 24-char secure password
qc keygen password 32         # 32-char secure password

JWT Decode & Verify

qc jwt decode <token>
qc jwt decode <token> --verbose
qc jwt verify <token> -s "secret"
qc jwt verify <token> -s "secret" --verbose

HMAC

qc hmac sha256 "message" -k "key"
qc hmac sha512 "message" -k "key"
qc hmac verify sha256 "message" -k "key" -m <mac>

Password Hashing

qc password bcrypt "MyPassword123"
qc password argon2 "MyPassword123"
qc password verify-bcrypt "MyPassword123" "$2b$12$..."
qc password verify-argon2 "MyPassword123" "$argon2id$..."

TOTP / 2FA

qc totp "JBSWY3DPEHPK3PXPJBSWY3DPEHPK3PXP"
qc totp "BASE32SECRET" --digits 8 --period 60
qc totp "BASE32SECRET" --algo sha256

Certificate Inspection

qc cert inspect server.crt
qc cert expiry server.crt

Secure File Wipe

3-pass overwrite (zeros → 0xFF → random) + truncate + delete.

qc wipe sensitive_file.txt          # Prompts for confirmation
qc wipe sensitive_file.txt --force  # Skip confirmation

Utilities

qc strength "MyP@ssw0rd"           # Rate passphrase strength
qc fingerprint mykey.pem           # SHA-256 fingerprint

Security

Feature Implementation
Symmetric Cipher AES-256-GCM (default) or ChaCha20-Poly1305
Key Derivation Argon2id — 64 MiB memory, 3 iterations, 4 lanes
Salt 256-bit (32 bytes), cryptographically random per operation
RSA Padding OAEP-SHA256 (encrypt) + PSS-SHA256 (sign) — IND-CCA2 secure
RSA Signing PSS with randomized padding (upgraded from PKCS#1 v1.5)
RSA Key Size Enforced 2048–8192 bits, multiples of 1024
HMAC Comparison Raw-byte constant-time via subtle crate
Memory Safety Private keys in Zeroizing<String>, buffers zeroize()d on drop
Passphrase Policy Minimum 8 chars, 2+ character categories required
Password Hashing bcrypt (cost 4–31) and Argon2id (19 MiB, 2 iterations)
TOTP Short secrets auto-padded to algorithm minimum (128-bit for SHA-256)
Secure Deletion 3-pass overwrite + truncate before removal

Known Advisory

RUSTSEC-2023-0071: The rsa 0.9 crate has a timing side-channel (Marvin Attack) in PKCS#1 v1.5 decryption. QuickCrypt mitigates this by using PSS for signing and OAEP for encryption. Tracking: RustCrypto/RSA#19.

Binary Format

[1 byte: version] [32 bytes: salt] [12 bytes: nonce] [N bytes: ciphertext + auth tag]
Version Cipher
0x01 AES-256-GCM
0x02 ChaCha20-Poly1305

Base64-encoded when printed to stdout. Decryption auto-detects the cipher from the version byte.

Library Usage

QuickCrypt exposes all crypto operations as a Rust library:

use quickcrypt::crypto::{symmetric, asymmetric, keys, hmac_auth, jwt, password, totp};

// Symmetric encryption (auto-detects cipher on decrypt)
let ct = symmetric::encrypt(b"secret", "StrongPass!23")?;
let pt = symmetric::decrypt(&ct, "StrongPass!23")?;

// ChaCha20-Poly1305
let ct = symmetric::encrypt_chacha(b"secret", "StrongPass!23")?;

// Generic cipher selection
use quickcrypt::crypto::symmetric::CipherKind;
let ct = symmetric::encrypt_with(b"data", "pass", CipherKind::ChaCha20)?;
let pt = symmetric::decrypt_with(&ct, "pass")?;

// RSA
let kp = asymmetric::generate_rsa_keypair(4096)?;
let ct = asymmetric::rsa_encrypt(b"secret", &kp.public_pem)?;
let pt = asymmetric::rsa_decrypt(&ct, &kp.private_pem)?;

// Ed25519 signing
let kp = asymmetric::generate_ed25519_keypair()?;
let sig = asymmetric::ed25519_sign(b"data", &kp.private_pem)?;
let ok = asymmetric::ed25519_verify(b"data", &sig, &kp.public_pem)?;

// HMAC
let mac = hmac_auth::hmac_sign("sha256", b"message", b"key")?;
let ok = hmac_auth::hmac_verify("sha256", b"message", b"key", &mac)?;

// Password hashing
let hash = password::bcrypt_hash("password", 12)?;
let ok = password::bcrypt_verify("password", &hash)?;
let hash = password::argon2_hash("password")?;

// TOTP
use quickcrypt::crypto::totp::TotpAlgorithm;
let (code, remaining) = totp::generate("JBSWY3DPEHPK3PXP", 6, 30, TotpAlgorithm::SHA1)?;

// Key generation
let key = keys::generate_aes_key(256)?;
let pwd = keys::generate_password(24)?;
let fp = keys::fingerprint(b"key data");

GUI

The GUI provides the same crypto engine with a modern, themed interface:

# Build
cargo build --release --features gui

# Run
./target/release/qc-gui

Features:

  • Dark & Light themes
  • 11-section help system with tabbed navigation
  • Recent Actions audit log — timestamped record of every operation
  • Background threading for RSA keygen & password hashing
  • Keyboard shortcuts: Ctrl+Enter (execute), Ctrl+L (clear)
  • Copy to clipboard & save to file
  • Real-time passphrase strength meter

Dependencies

All pure Rust. No OpenSSL. No system libraries (except platform windowing for GUI).

Crate Purpose
aes-gcm 0.10 AES-256-GCM authenticated encryption
chacha20poly1305 0.10 ChaCha20-Poly1305 authenticated encryption
argon2 0.5 Argon2id key derivation & password hashing
rsa 0.9 RSA-OAEP encryption & RSA-PSS signing
ed25519-dalek 2 Ed25519 signing & verification
jsonwebtoken 9 JWT decode & verify
hmac 0.12 + sha2 0.10 HMAC-SHA256/SHA512
x509-parser 0.16 X.509 certificate inspection
totp-rs 5 TOTP 2FA code generation
bcrypt 0.15 bcrypt password hashing
zeroize 1 Secure memory erasure
subtle 2 Constant-time comparison
clap 4 CLI argument parsing
eframe 0.29 GUI framework (optional)

Test Suite

91 tests — all passing

75 unit tests across 9 modules
16 integration tests (end-to-end CLI pipeline)
 0 failures

cargo test          # Run all tests
cargo clippy        # Zero warnings

Project Structure

src/
  main.rs          # CLI entry point (qc)
  gui_main.rs      # GUI entry point (qc-gui)
  lib.rs           # Library exports + shared utilities
  crypto/
    mod.rs         # Module declarations
    symmetric.rs   # AES-256-GCM, ChaCha20-Poly1305, CipherKind
    asymmetric.rs  # RSA-OAEP, RSA-PSS, Ed25519
    keys.rs        # Key generation, fingerprint
    jwt.rs         # JWT decode & verify
    hmac_auth.rs   # HMAC-SHA256/512
    totp.rs        # TOTP 2FA (SHA-1, SHA-256)
    cert.rs        # X.509 certificate inspection
    password.rs    # bcrypt & Argon2id
    secure_wipe.rs # 3-pass file destruction
build.rs           # Windows resource embedding (icon)
scripts/           # Platform install scripts
tests/             # Integration tests
assets/            # Screenshots

Release Checksums

SHA-256 hashes for v1.0.0 release binaries (Windows x86_64):

ea8fcf2aa385d43a40064739fa805d7931dd864de480e033cca903a7f06d9bbc  qc.exe
6fc03b0c9cf0b3c0d20392684482bdc7c826f6828183a08e181187789b5f695d  qc-gui.exe

Verify with:

# Windows PowerShell
Get-FileHash qc.exe -Algorithm SHA256
Get-FileHash qc-gui.exe -Algorithm SHA256

# Linux/macOS
sha256sum qc qc-gui

Quick* Family

Tool Domain Binary Install
QuickTransform Encode. Decode. Hash. Generate. qt cargo install quicktransform
QuickCrypt Encrypt. Decrypt. Sign. Verify. qc cargo install quickcrypt

Error Handling

QuickCrypt uses typed Result<T, String> errors throughout. Every function returns a descriptive error message on failure — no panics in library code.

CLI behaviour:

  • Normal mode: errors print to stderr with colored indicators (✗ Error: ...) and exit code 1
  • --json mode: errors return {"error": "message"} on stdout with exit code 0 (no stderr)
  • Verification failures in --json mode return {"valid": false} instead of exit code 1

GUI behaviour:

  • Errors display inline with red status labels
  • All operations (success and failure) are recorded in the Recent Actions audit log
  • Background operations (RSA keygen, password hashing) show spinners and report results asynchronously

Common error scenarios:

Error Cause Fix
"Passphrase too weak" Under 8 chars or missing categories Use 8+ chars with mixed uppercase, lowercase, digits, symbols
"Invalid base64" Corrupted ciphertext on decrypt Ensure the full ciphertext string is passed
"Key size must be 2048–8192" Invalid RSA key size Use a power‑of‑2 value in range
"HMAC verification failed" Wrong key or tampered message Check key and message match the original
"Invalid TOTP secret" Non-base32 secret Ensure the secret uses valid base32 characters

Troubleshooting

GUI not starting on Linux? Install GTK3 development libraries and rebuild:

sudo apt install libgtk-3-dev
cargo build --release --features gui

Command not found after install? Add the install directory to your PATH:

export PATH="$PATH:$HOME/.local/bin"

Build fails on Windows? Ensure you have the MSVC toolchain installed via Visual Studio Build Tools.

License

MIT License — see LICENSE for details.

LAZYFROG | kindware.dev | GitHub