starriv/hycrypt-py

🔐 Hycrypt File Encryption/Decryption Tool

A secure file encryption/decryption tool based on modern cryptographic standards, using the AES-256-CBC encryption algorithm and the Argon2id key derivation function. It supports file and directory encryption, with a password confirmation mechanism to ensure encryption security.

🚀 Quick Start

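Standard Usage

# Install dependencies
pip install -r requirements.txt

# Run the program
python3 main.py

# Show help
python3 main.py --help

System PATH Setup (Recommended)

Once configured, the tool can be run from any directory:

# One-step setup script (recommended)
bash scripts/setup_path.sh

# Or configure manually:
# Requires administrator privileges
sudo ln -sf "$(pwd)/hycrypt" /usr/local/bin/hycrypt

# Or use a user directory (no administrator privileges required)
mkdir -p ~/bin
ln -sf "$(pwd)/hycrypt" ~/bin/hycrypt

# Now it can be run from any directory
hycrypt --help

📖 Detailed Installation Guide | 📋 PATH Setup Guide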

✨ Key Features

  • Dual Operation Modes: Supports both interactive interface and command-line parameters
  • Secure Encryption: Uses industry-standard AES-256-CBC encryption algorithm
  • Strong Key Derivation: Utilizes Argon2id (winner of 2015 Password Hashing Competition)
  • Smart File Naming: Automatically restores original filename after decryption, no extra suffixes
  • Directory Encryption: Supports directory compression encryption with automatic multi-level subdirectory handling
  • Password Confirmation: Enforces double confirmation during encryption to prevent password input errors
  • Algorithm Display: Real-time display of current encryption algorithm information
  • Custom Output: Supports specifying encryption/decryption output filenames
  • File Integrity: Automatically handles file size and format

🔬 Program Principles

Encryption Process

  1. Key Derivation: Derives 256-bit encryption key from user password using Argon2id
  2. Random Parameter Generation: Generates 128-bit random salt and initialization vector (IV)
  3. Preprocessing Check: If it's a directory, compresses it to ZIP format first
  4. AES Encryption: Encrypts file content using AES-256-CBC mode
  5. Data Assembly: Combines salt, IV, and ciphertext into encrypted file
  6. Post-processing: Cleans up temporary compression files (for directory encryption)

Decryption Process

  1. Parameter Extraction: Extracts salt, IV, and ciphertext from encrypted file
  2. Key Reconstruction: Re-derives decryption key using same Argon2id parameters
  3. AES Decryption: Decrypts ciphertext using AES-256-CBC mode
  4. Data Recovery: Removes padding and restores original file content
  5. Post-processing: If it's a compressed file, automatically decompresses and restores directory structure

Security Design

  • Forward Secrecy: Uses random salt and IV for each encryption
  • Password Verification: Naturally verifies password correctness through decryption results
  • Password Confirmation: Enforces double confirmation during encryption to prevent password input errors
  • Data Integrity: PKCS#7 padding ensures data integrity
  • No Password Storage: System does not store user passwords, fully decentralized
  • Algorithm Transparency: Real-time display of encryption algorithm information used
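
The checks behind decryption steps 1 and 4 and the Password Verification and Data Integrity points above, as an added example (not code from this repository). It assumes the file is laid out as salt || IV || ciphertext with no header or tag, and models a wrong-password decryption as a uniformly random final block; the function names are hypothetical.

```python
import random

SALT_LEN = IV_LEN = BLOCK = 16  # 128-bit salt, IV and AES block size, as the page states


def parse_container(blob: bytes):
    """Split an encrypted file into (salt, iv, ciphertext).

    Assumed layout (not confirmed by the page): salt || IV || ciphertext.
    """
    body = len(blob) - SALT_LEN - IV_LEN
    if body < BLOCK or body % BLOCK:
        raise ValueError("ciphertext is not a whole number of AES blocks")
    return blob[:SALT_LEN], blob[SALT_LEN:SALT_LEN + IV_LEN], blob[SALT_LEN + IV_LEN:]


def pkcs7_unpad(data: bytes) -> bytes:
    """Strict PKCS#7 removal: last byte n must be 1..16 and repeated n times."""
    if not data or len(data) % BLOCK:
        raise ValueError("length is not a multiple of the block size")
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def false_accept_rate(trials: int = 200_000, seed: int = 1) -> float:
    """Fraction of random final blocks that still unpad without error.

    Assumption: a wrong key turns the final block into what looks like
    random bytes, so each trial stands in for one wrong-password attempt.
    """
    rng = random.Random(seed)  # seeded so the result is reproducible
    accepted = 0
    for _ in range(trials):
        block = rng.getrandbits(8 * BLOCK).to_bytes(BLOCK, "big")
        try:
            pkcs7_unpad(block)
            accepted += 1
        except ValueError:
            pass
    return accepted / trials


if __name__ == "__main__":
    # Constructed sample: zero salt, zero IV, two placeholder ciphertext blocks.
    salt, iv, ct = parse_container(bytes(16) + bytes(16) + b"\xaa" * 32)
    print(len(salt), len(iv), len(ct))
    print(f"wrong-key blocks accepted: {false_accept_rate():.3%}")
```

The accepted fraction comes out near 1/255, and the padding check looks only at the final block, so a clean unpad neither proves the password was right nor that earlier blocks are unmodified. That guarantee needs a MAC over salt, IV and ciphertext, or an AEAD mode.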

🛡️ Algorithm Advantages

AES-256-CBC Encryption

  • Key Length: 256 bits, providing military-grade security strength
  • Encryption Mode: CBC (Cipher Block Chaining), enhanced security
  • Block Size: 128 bits, compliant with industrial standards
  • Padding Scheme: PKCS#7, ensures data integrity

Argon2id Key Derivation

  • Memory Consumption: 64MB, resistant to hardware attacks
  • Time Cost: 10 iterations, balancing security and performance
  • Parallelism: 4 threads, fully utilizing multi-core processors
  • Salt: 128-bit random number, preventing rainbow table attacks

🚀 Quick Start

Interactive Interface

python encrypt.py

Command Line Encryption

# Basic file encryption
python encrypt.py -e file.txt -p password

# Specify output filename
python encrypt.py -e file.txt -p password -o custom_name.enc

# Directory encryption (automatic compression)
python encrypt.py -e directory_path -p password

Command Line Decryption

# Basic file decryption
python encrypt.py -d file.txt.enc -p password

# Specify output filename
python encrypt.py -d file.txt.enc -p password -o restored_file.txt

# Directory decryption (automatic decompression)
python encrypt.py -d 20250923-directory.zip.enc -p password

🔧 Technical Features

Feature | Description
Encryption Algorithm | AES-256-CBC
Key Derivation | Argon2id
Key Length | 256 bits
Salt Length | 128 bits
IV Length | 128 bits
File Format | Supports any file type
Directory Encryption | Automatically compresses multi-level directories
Password Confirmation | Enforces double confirmation mechanism
Algorithm Display | Real-time display of encryption algorithm
Large File Handling | Supports large file streaming processing

🧪 Testing and Validation

Run comprehensive test suite:

python run_tests.py

Tests include:

  • ✅ Basic encryption/decryption functionality
  • ✅ Command-line interface testing
  • ✅ Error handling mechanisms
  • ✅ Parameter validation
  • ✅ Incorrect password handling
  • ✅ Large file processing
  • ✅ Interactive interface testing
  • ✅ Directory encryption/decryption functionality (multi-level)
  • ✅ Password confirmation mechanism
  • ✅ Algorithm information display

📁 File Structure

encrypt.py              # Main program file
test_integrated.py      # Comprehensive test suite
run_tests.py           # Test runner
__demo__/              # Demo directory (test only)
.claude/FILING_RULES.md # File management rules
README.md              # This document

📋 File Management Rules

Working Directory Management

  • User Files: Encrypted/decrypted files remain in original directory location
  • Test Files: All test files are stored in __demo__ directory
  • Directory Encryption: Compressed files are generated at the same level as the original directory
  • Naming Format: Directory encryption uses YYYYMMDD-directory_name.zip.enc format

Usage Guidelines

  • User encrypted files are directly output to source file directory
  • Test and demo files are uniformly placed in __demo__ directory
  • Temporary compressed files are automatically cleaned up to maintain directory cleanliness

🔒 Security Notes

  1. Password Strength: Recommended password length of at least 6 characters
  2. Password Confirmation: Enforces double confirmation during encryption to prevent password input errors
  3. File Backup: Please backup important files before encryption
  4. Password Management: Please keep encryption passwords safe; forgotten passwords cannot recover files
  5. Encryption Verification: Please verify file integrity after encryption
  6. Algorithm Transparency: Real-time display of encryption algorithms used ensures security visibility

📋 Usage Recommendations

  • Personal File Protection: Protect sensitive documents, photos and other personal privacy
  • Directory Encryption: Batch encrypt entire folders including all subdirectories
  • Data Transfer: Secure transfer of important files
  • Backup Encryption: Encrypt backup files for protection
  • Work Documents: Protect business secrets and work files
  • Project Archiving: Encrypt entire project directories for secure storage

🎯 Algorithm Standards

The encryption scheme implemented in this tool complies with the following international standards:

  • AES: FIPS PUB 197 standard
  • PBKDF2: RFC 2898 standard
  • Argon2: PHC (Password Hashing Competition) standard

About

A modern file encryption and decryption tool based on Argon2id and AES-256-CBC
