rsecure
rsecure is a simple and secure command-line tool for AES-GCM file encryption and decryption, built in pure Rust. Ideal for protecting sensitive files, backups, and personal data.
Keep It Simple Stupid
Features
- 🔐 AES-256 GCM encryption & decryption
- 🚀 Fast & dependency-free (pure Rust)
- 🛡️ Safe key handling (keys never stored with data)
- 🖥️ Simple CLI interface
- 📦 Available on crates.io
Installation
Using cargo:
Locally:
Usage
Commands
| Command | Description |
|---|---|
rsecure create-key -o /mnt/myusb/rsecure.key |
Generate a new AES-256 key and save it to a file |
openssl rand -out /mnt/myusb/rsecure.key 32 |
Alternative: generate a random 256-bit key using OpenSSL |
rsecure encrypt -p /mnt/myusb/rsecure.key -s /tmp/mydirectory/text_to_encrypt.txt |
Encrypt a single file (.enc file is created in the same directory) |
rsecure encrypt -p /mnt/myusb/rsecure.key -s /tmp/mydirectory/files/ |
Encrypt all files in a directory |
rsecure decrypt -p /mnt/myusb/rsecure.key -s /tmp/mydirectory/text_to_encrypt.txt.enc |
Decrypt a single encrypted file |
rsecure decrypt -p /mnt/myusb/rsecure.key -s /tmp/mydirectory/files/ |
Decrypt all files in a directory |
rsecure encrypt -r -p ~/.keys/rsecure.key -s /tmp/rsecure/dirtoencrypt/ |
Encrypt and remove original files |
[!WARNING] Saving the key in the same local filesystem where you save the encrypted files is not a good idea. Save the key in a secure location, like a
USB driveor a password manager. Or just save it in aroot owned directorywith strict permissions (will require sudo to use it).
[!IMPORTANT] By default,
rsecurewill not delete the source plain files after encryption to avoid data loss. If you want to delete the source files after encryption, use-rflag.
Local dev
Testing encryption and decryption:
for; do
|
done
#
License
rsecure is distributed under the terms of the GPL3 license.