
Filecrypt

Cryptographic tool script for encrypting/decrypting files

Install / Use

/learn @Kartmaan/Filecrypt


This Python script encrypts/decrypts files located in the script's current folder. The program is based on Fernet, an authenticated symmetric encryption scheme built on AES-128.

For security reasons, the script can only be placed in a non-sensitive area of the system, and can only access its current folder. If the script is placed in a sensitive area, SAFE_MODE is activated, preventing the call of any file-modifying function (see 'Some technical details' section for more information).

Compatibility

The script has been tested on Windows and Linux. Python >= 3.10 required

How to use it

To use this script, simply :

  1. Place this script (or a copy) in the folder containing the files to be encrypted or decrypted.

  2. Go to this folder from the terminal.

  3. Call the script followed by the desired command. For example:

    C:\Users\Bob\Pictures> python filecrypt.py encrypt image.jpg -ow

For a reminder of commands in the script: python filecrypt.py --help

Commands

encrypt : Encrypt a file

Encrypts a file present in the current folder using one of three methods:

  1. By generating a random filekey in the current folder
  2. By using a valid filekey already present in the current folder
  3. By using a password (salt is generated and embedded automatically)

These three methods are mutually exclusive, but must include the name of the file to be encrypted and the overwrite option.

Options

  • -ow / --overwrite : the file will be overwritten by its encrypted version (in the case of an image file for example, it will therefore become corrupted)
  • -c / --copy : the plaintext file will be copied before being overwritten by its encrypted version.
  • -cs / --copysecret : automatically copies the Base64 secret key contained in the generated filekey to the clipboard. In password mode, this option has no effect — the salt is embedded in the file and can be retrieved with the getsalt command.

Note: The -c / --copy and -ow / --overwrite options are mutually exclusive but optional: if no option is added, the --copy option will be enabled by default for security reasons. This allows for a more concise syntax:

python filecrypt.py encrypt psw.txt

In the following examples, we include these options to avoid any ambiguity.

Method 1 : By generating a random filekey in the current folder

Let's suppose we want to encrypt a file named psw.txt by overwriting it :

python filecrypt.py encrypt psw.txt -ow

Same thing, but first copy the file to the current folder before encrypting it.

python filecrypt.py encrypt psw.txt -c

A filekey named filekey.key will be created in the current folder.

Note 1: For standardization reasons and to avoid unfortunate modifications to a .txt format, all generated filekeys are in .key format.

Note 2: The filekey doesn't contain the ciphertext but only the secret key. It should be kept in a safe place.

Method 2 : By using a filekey already present in the current folder

The -f/--filekey option lets us specify the filekey to be used

python filecrypt.py encrypt psw.txt -f filekey.key -ow

Method 3 : By using a password

The -p / --password option encrypts the file using a password. A random 16-byte salt is generated automatically by the script and embedded directly in the encrypted file as a prefix. The user never needs to see, note, or re-enter the salt — it travels with the file and is recovered automatically at decryption time.

Let's say we have an image named image.jpg in the current folder and we want to encrypt it with a password:

python filecrypt.py encrypt image.jpg -p -ow

A confidential input field appears to receive the password:

> Password: *************

The file is encrypted in place. The salt is silently embedded in the output file and requires no further action from the user.

---- Encryption of image.jpg ----
Data encryption...
Encrypted data writing...
---- Operation completed successfully ----
The salt has been embedded in the encrypted file.
Use 'getsalt' to inspect it if needed.

Note: Only the password needs to be kept safe. The salt is cryptographically public — its value alone, without the password, is useless to an attacker. It can be inspected at any time using the getsalt command.

decrypt : Decrypt a file

Decrypts a file present in the current folder using one of two methods:

  1. By using a filekey present in the current folder
  2. By using a password (salt is recovered automatically from the file)

Method 1 : By using a filekey present in the current folder

Decryption of a file named psw.txt using a filekey named filekey.key present in the current folder:

python filecrypt.py decrypt psw.txt filekey.key

Note: For standardization reasons and to avoid unfortunate modifications to a .txt format, all filekeys must be in .key format.

Method 2 : By using a password

This method is used to decrypt a file that was encrypted using a password. The salt is recovered automatically from the first 16 bytes of the encrypted file — the user only needs to provide the password.

Here we decrypt the file image.jpg encrypted with the -p option:

python filecrypt.py decrypt image.jpg -p

A confidential input field appears to receive the password:

> Password: *************

The salt is then recovered silently from the file and decryption proceeds:

---- Decryption of image.jpg ----
Salt recovered from file...
Decrypting data...
---- Operation completed successfully ----
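
The password-mode layout described above (a 16-byte salt prefix followed by the Fernet token), as an added example that is not Filecrypt's own code: it extracts the salt and checks the token's HMAC using only the standard library, so a wrong password or a modified file is detected before any decryption is attempted. The KDF (PBKDF2-HMAC-SHA256), its iteration count and all function names are assumptions; the page states none of them.

```python
import base64, hashlib, hmac, os, struct, time

SALT_LEN = 16              # from the README: the salt is a 16-byte file prefix
KDF_ITERATIONS = 600_000   # assumption: the page does not state the KDF or its cost

def derive_key(password: str, salt: bytes) -> bytes:
    # Assumed KDF: PBKDF2-HMAC-SHA256 -> 32 bytes (signing key || encryption key)
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ITERATIONS, dklen=32)

def split_salt(blob: bytes) -> tuple[bytes, bytes]:
    """Split a password-mode file into (salt, Fernet token)."""
    if len(blob) <= SALT_LEN:
        raise ValueError("too short to hold a salt prefix and a token")
    return blob[:SALT_LEN], blob[SALT_LEN:]

def token_authentic(token: bytes, key: bytes) -> bool:
    """Check Fernet's HMAC-SHA256 tag with the signing half of the key, no decryption."""
    try:
        raw = base64.urlsafe_b64decode(token)
    except ValueError:
        return False
    # version(1) + timestamp(8) + IV(16) + at least one AES block(16) + tag(32)
    if len(raw) < 73 or raw[0] != 0x80:
        return False
    body, tag = raw[:-32], raw[-32:]
    expected = hmac.new(key[:16], body, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)

def password_matches(blob: bytes, password: str) -> bool:
    salt, token = split_salt(blob)
    return token_authentic(token, derive_key(password, salt))

def make_sample(password: str) -> bytes:
    """Constructed sample: real layout and tag, random filler instead of AES output."""
    salt = os.urandom(SALT_LEN)
    key = derive_key(password, salt)
    body = b"\x80" + struct.pack(">Q", int(time.time())) + os.urandom(16 + 32)
    tag = hmac.new(key[:16], body, hashlib.sha256).digest()
    return salt + base64.urlsafe_b64encode(body + tag)

if __name__ == "__main__":
    blob = make_sample("correct horse")
    print("salt:", split_salt(blob)[0].hex())
    print("right password:", password_matches(blob, "correct horse"))
    print("wrong password:", password_matches(blob, "guess"))
```

Because the salt sits outside the authenticated token, changing it is not caught by a separate check; it simply yields a different derived key, and the HMAC comparison fails as it would for a wrong password.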

install : Install the required modules

Installs all non built-in modules and their dependencies via the pip command.

Note: When the script is launched, if the import of a non built-in module encounters an ImportError, a request is made to the user to automatically install the missing modules.

Example

python filecrypt.py install

psw : Generate a secure password

Generates a strong password and prints it, so that it can be used to encrypt files. By default, the password is 17 characters long, made up of:

  • Upper letters
  • Lower letters
  • Digits
  • Symbols

Options:

  • -cs / --copysecret : automatically copies the generated password to the clipboard.

Password entropy

In information theory, entropy measures the degree of uncertainty (or randomness) associated with a random variable. The higher the entropy, the more unpredictable the variable. Applied to passwords, entropy quantifies the difficulty for an attacker to guess the password. The password entropy value, expressed in bits, is defined by the following formula :

$E = L \cdot \log_{2}(R)$

Where L is the length of the password and R is the possible range of character types in the password (In other words, the number of possible states for each character).

Typically, a strong or high-entropy password is at least 80 bits. Anything less than 50 bits is relatively easy for a machine to crack. For example, a password with a length of 6 and composed entirely of numbers has an entropy of 20 bits, which is easily cracked by brute force. In our case we have 94 possible states for each character of the password:

  • 26 upper letters
  • 26 lower letters
  • 10 digits
  • 32 symbols

Applying the formula for a password length of 17, we have :

$E = 17 \cdot \log_{2}(94) = 111.42$

The passwords generated by the command will therefore have an entropy of slightly more than 111 bits, which satisfies most safety recommendations.
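
The entropy formula above carried into code, as an added example that is not Filecrypt's own generator: it draws characters uniformly with `secrets`, computes the shortest length that reaches a target entropy, and goes one step beyond the page by computing the exact entropy when every password must contain all four character classes. Whether Filecrypt enforces that rule is not stated on the page, so it is treated as an assumption; all function names are hypothetical.

```python
import math
import secrets
import string

# The four classes listed above: 26 + 26 + 10 + 32 = 94 symbols per position.
CLASSES = [string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation]
ALPHABET = "".join(CLASSES)

def entropy_bits(length: int, pool: int) -> float:
    """E = L * log2(R), valid when each character is uniform and independent."""
    return length * math.log2(pool)

def min_length(target_bits: float, pool: int) -> int:
    """Shortest length whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(pool))

def generate(length: int = 17) -> str:
    """Uniform draw from the 94-symbol alphabet using the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def entropy_all_classes(length: int) -> float:
    """Exact entropy if passwords missing any class are rejected (assumed rule).

    Counts the surviving passwords by inclusion-exclusion over excluded classes.
    """
    sizes = [len(c) for c in CLASSES]
    count = 0
    for mask in range(1 << len(sizes)):
        excluded = sum(s for i, s in enumerate(sizes) if mask >> i & 1)
        sign = -1 if bin(mask).count("1") % 2 else 1
        count += sign * (len(ALPHABET) - excluded) ** length
    return math.log2(count)

if __name__ == "__main__":
    print(generate())
    print(f"uniform, L=17:        {entropy_bits(17, 94):.2f} bits")
    print(f"all classes required: {entropy_all_classes(17):.2f} bits")
    print(f"min length for 80 bits: {min_length(80, 94)}")
```

Requiring every class costs only a fraction of a bit at length 17, so the figure in the formula remains a good estimate under either rule.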

Example

python filecrypt.py psw
> rv1rX\L!4m=v=[u0c

With copysecret option:

> p