Releases: logand166/Encryptor
Secure File Encryptor/Decryptor - Release Notes 🚀 v2.0 - Security Enhanced Release
🔒 About the Project
Secure File Encryptor/Decryptor is a robust Python application designed to securely encrypt and decrypt files using AES-256-GCM, a military-grade encryption standard. The tool now features critical security fixes and enhancements to ensure maximum protection for your sensitive data.
✨ Key Features:
🔐 Military-Grade Encryption
Uses AES-256-GCM with PBKDF2HMAC-SHA256 for key derivation (600,000 iterations).
Unique nonce per chunk to prevent cryptographic vulnerabilities.
Chunk sequence validation to detect tampering or corruption.
🛡️ Security Fixes in v2.0
✅ Fixed Nonce Reuse Vulnerability – Each encryption chunk now uses a unique nonce.
✅ Chunk Integrity Protection – Added additional_data to bind chunks to their sequence.
✅ Secure File Handling – Temp files are wiped if operations fail.
📁 File Management:
Supports files up to 10GB.
Optional secure deletion of original files after encryption/decryption.
Automatic naming for decrypted files (.decrypted suffix).
🔎 Password Security
User Control Features:
Optional Original File Deletion - Secure workflow integration
Password Visibility Toggle - Eye icon for password confirmation
Real-time Password Strength Meter - Color-coded strength indicator:
🔴 Weak (<30%)
🟡 Moderate (30-70%)
🟢 Strong (>70%)
🖥️ User-Friendly UI
Clean, dark-themed interface (Qt Material).
Progress bars for encryption/decryption.
Detailed operation logs.
⚙️ Technical Improvements:
🛠 Fixed in This Release
Critical Security Patch: Previously, the app reused the same nonce for all chunks, which could allow attackers to extract data. Now, each chunk has a unique nonce.
Chunk Validation: Added additional_data to ensure chunks decrypt in the correct order.
Better Error Handling: Clear messages for decryption failures (e.g., wrong password).
📜 How It Works Now
Encryption:
Generates a random salt and derives a key using PBKDF2.
Splits the file into 1MB chunks, each encrypted with a unique nonce.
Stores salt + nonces in the output file.
Decryption:
Validates chunk order using additional_data.
Fails if chunks are missing or modified.
🖱️ UI Guide
Encrypt Tab:
Select file → Set password → Choose output path.
Enable "Delete original" for secure erasure.
Decrypt Tab:
Select .encrypted file → Enter password → Choose output folder and name the file
❓ FAQ:
❔ Is this really secure?
✅ Yes! Uses AES-256-GCM, the same standard used by governments and banks. The v2.0 fixes make it resistant to known attacks.
❔ Can I recover files if I lose the password?
❌ No. The encryption is irreversible without the password.
❔ Why chunk files?
To handle large files (10GB) without high memory usage. Now done safely with unique nonces.
🎉 Special Thanks
To the amazing people who reported the nonce reuse issue! This release makes the tool more secure than ever.
📜 License
MIT License - Free for personal and commercial use.
💻 Happy Encrypting! 🔐
v1.5.0
Secure File Cryptor - Professional Encryption Tool
🔐 Enhanced Security Features
Cryptographic Core:
AES-256-GCM Encryption - Military-grade encryption with authentication
PBKDF2 Key Derivation - 600,000 iterations for brute-force protection
Secure File Integrity - GCM tags (16 bytes per chunk) ensure tamper-proofing
Automatic Salt/Nonce - Unique cryptographically-secure values per operation
Note: The intentional 0.1-1% file size increase comes from GCM authentication tags - an essential security tradeoff that prevents file tampering.
✨ New UI/UX Improvements
User Control Features:
Optional Original File Deletion - Secure workflow integration
Password Visibility Toggle - Eye icon for password confirmation
Real-time Password Strength Meter - Color-coded strength indicator:
🔴 Weak (<30%)
🟡 Moderate (30-70%)
🟢 Strong (>70%)
Streamlined Operations:
Automatic .encrypted/.decrypted Extensions - Consistent file handling
Output Folder Selection - Flexible decryption locations
Duplicate File Handling - Automatic naming conflicts resolution
🛡️ Security Architecture
File Processing:
text
Copy
[File Structure]
Original File -> [Salt (16B)][Nonce (12B)][Encrypted Chunks...]
Each chunk includes 16B GCM authentication tag
Key Security Advantages:
Tamper-Proof Design - GCM tags make modified files undecryptable
Secure Memory Handling - Keys never persisted to disk
Brute-Force Protection - 600K PBKDF2 iterations slow attacks