# aes256
Minimal AES-256-GCM file encryption CLI written in Rust.
Encrypts or decrypts a single file with a password. The original file is deleted after the operation succeeds.
## Install
```sh
cargo install aes256
```
Or build from source:
```sh
cargo build --release
# binary: target/release/simpleaes256-rs
```
## Usage
```
simpleaes256-rs -e <file>    encrypt a file
simpleaes256-rs -d <file>    decrypt a file
```
**Encrypt**
```sh
simpleaes256-rs -e secret.txt
# prompts for password (twice)
# writes secret.txt.enc
# deletes secret.txt
```
**Decrypt**
```sh
simpleaes256-rs -d secret.txt.enc
# prompts for password
# writes secret.txt (strips .enc suffix)
# deletes secret.txt.enc
```
If the input file does not end in `.enc`, the output is written as `<file>.dec`.
## File format
```
[0..4]    magic   "AE56"
[4..20]   salt    16 bytes (Argon2id input)
[20..32]  nonce   12 bytes (AES-GCM nonce)
[32..]    ciphertext + 16-byte GCM authentication tag
```
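The layout above as a std-only Rust parser, added here as an illustration and not taken from this crate's source; `Container`, `ParseError` and `parse_container` are hypothetical names. It rejects input shorter than the 48-byte minimum (32-byte header plus 16-byte tag) or with the wrong magic, so a caller can fail fast before running Argon2id.

```rust
use std::convert::TryInto;

const MAGIC: &[u8; 4] = b"AE56";
const SALT_LEN: usize = 16;
const NONCE_LEN: usize = 12;
const TAG_LEN: usize = 16;
const HEADER_LEN: usize = 4 + SALT_LEN + NONCE_LEN; // 32 bytes before the ciphertext

#[derive(Debug, PartialEq)]
pub enum ParseError {
    Truncated { need: usize, got: usize },
    BadMagic([u8; 4]),
}

#[derive(Debug, PartialEq)]
pub struct Container<'a> {
    pub salt: &'a [u8; SALT_LEN],
    pub nonce: &'a [u8; NONCE_LEN],
    pub ciphertext: &'a [u8], // may be empty (empty plaintext)
    pub tag: &'a [u8; TAG_LEN],
}

// Splits a file image into its fields without copying. This performs no
// decryption: authenticity is only established when AES-GCM verifies the tag.
pub fn parse_container<'a>(buf: &'a [u8]) -> Result<Container<'a>, ParseError> {
    let min = HEADER_LEN + TAG_LEN;
    if buf.len() < min {
        return Err(ParseError::Truncated { need: min, got: buf.len() });
    }
    let magic: [u8; 4] = buf[0..4].try_into().unwrap();
    if &magic != MAGIC {
        return Err(ParseError::BadMagic(magic));
    }
    let (ciphertext, tag) = buf[HEADER_LEN..].split_at(buf.len() - min);
    Ok(Container {
        salt: buf[4..20].try_into().unwrap(),
        nonce: buf[20..32].try_into().unwrap(),
        ciphertext,
        tag: tag.try_into().unwrap(),
    })
}

fn main() {
    // Constructed sample: magic, then filler for salt, nonce, 5 ciphertext bytes, tag.
    let mut file = b"AE56".to_vec();
    file.extend_from_slice(&[0x11; SALT_LEN + NONCE_LEN + 5 + TAG_LEN]);
    println!("{:?}", parse_container(&file));
    println!("{:?}", parse_container(&file[..40])); // truncated input
}
```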
## Cryptography
| Component | Choice |
| --- | --- |
| Key derivation | Argon2id (default parameters) |
| Encryption | AES-256-GCM |
| Nonce/salt generation | OS CSPRNG (`OsRng`) |
## Dependencies
| Crate | Purpose |
| --- | --- |
| [`aes-gcm`](https://crates.io/crates/aes-gcm) | AES-256-GCM encrypt / decrypt |
| [`argon2`](https://crates.io/crates/argon2) | Password-based key derivation |
| [`rand`](https://crates.io/crates/rand) | Cryptographically secure random bytes |
| [`rpassword`](https://crates.io/crates/rpassword) | Hidden password prompt |
## License
MIT