rsecure 0.1.0

A simple file encryption and decryption tool using AES-GCM.
rsecure-0.1.0 is not a library.

rsecure

Secure file encryption using pure Rust and AES 🔒.

Keep It Simple Stupid

Installation

Using cargo:

cargo install rsecure

Locally:

git clone https://github.com/containerscrew/rsecure.git
cd rsecure
cargo build --release
sudo cp ./target/release/rsecure /usr/local/bin/

Usage

Generate a new AES 256 key and save it to a file if you don't have one already:

rsecure create-key -o /mnt/myusb/rsecure.key
# Or using openssl
openssl rand -out /mnt/myusb/rsecure.key 32

[!WARNING] Saving the key in the same local filesystem were you save the encrypted files is not a good idea. Save the key in a secure location, like a USB drive or a password manager. Or just save it in a root owned directory with strict permissions (will require sudo to use it).

rsecure encrypt -p /mnt/myusb/rsecure.key -s /tmp/mydirectory/text_to_encrypt.txt

This will create a file named text_to_encrypt.txt.enc in the same directory as the source file.

rsecure encrypt -p /mnt/myusb/rsecure.key -s /tmp/mydirectory/files/

This will encrypt all the files inside the directory /tmp/mydirectory/files/

rsecure decrypt -p /mnt/myusb/rsecure.key -s /tmp/mydirectory/text_to_encrypt.txt.enc

This will decrypt the file named text_to_encrypt.txt.enc in the same directory as the source file.

rsecure decrypt -p /mnt/myusb/rsecure.key -s /tmp/mydirectory/files/

This will decrypt all the files inside the directory /tmp/mydirectory/files/

[!IMPORTANT] By default, rsecure will not delete the source plain files after encryption to avoid data loss. If you want to delete the source files after encryption, use -r flag.

rsecure encrypt -r -p ~/.keys/rsecure.key -s /tmp/rsecure/dirtoencrypt/

This will delete all the original (plain text) files under /tmp/rsecure/dirtoencrypt/. The program will prompt for confirmation before deleting the source files. Just Press Enter.

Local dev

Testing encryption and decryption:

mkdir -p /tmp/rsecure/dirtoencrypt
touch /tmp/rsecure/filetoencrypt.txt
echo 'please, hack me!' > /tmp/rsecure/filetoencrypt.txt
for i in {1..10}; do
    head -c 100 /dev/urandom | base64 > /tmp/rsecure/dirtoencrypt/file_$i.txt
done

rsecure create-key -o ~/.keys/rsecure.key
rsecure encrypt -p ~/.keys/rsecure.key -s /tmp/rsecure/filetoencrypt.txt
rsecure decrypt -p ~/.keys/rsecure.key -s /tmp/rsecure/filetoencrypt.txt.enc
#
rsecure encrypt -p ~/.keys/rsecure.key -s /tmp/rsecure/dirtoencrypt/
rsecure decrypt -p ~/.keys/rsecure.key -s /tmp/rsecure/dirtoencrypt/

License

rsecure is distributed under the terms of the GPL3 license.